Lucene search

K
cveAppleCVE-2010-3814
HistoryNov 26, 2010 - 8:00 p.m.

CVE-2010-3814

2010-11-2620:00:02
CWE-119
apple
web.nvd.nist.gov
50
cve-2010-3814
freetype
buffer overflow
remote code execution
denial of service
nvd
security advisory

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.3

Confidence

High

EPSS

0.16

Percentile

96.0%

Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.

Affected configurations

Nvd
Node
freetypefreetypeRange2.4.3
OR
freetypefreetypeMatch1.3.1
OR
freetypefreetypeMatch2.0.6
OR
freetypefreetypeMatch2.0.9
OR
freetypefreetypeMatch2.1
OR
freetypefreetypeMatch2.1.3
OR
freetypefreetypeMatch2.1.4
OR
freetypefreetypeMatch2.1.5
OR
freetypefreetypeMatch2.1.6
OR
freetypefreetypeMatch2.1.7
OR
freetypefreetypeMatch2.1.8
OR
freetypefreetypeMatch2.1.8rc1
OR
freetypefreetypeMatch2.1.9
OR
freetypefreetypeMatch2.1.10
OR
freetypefreetypeMatch2.2.0
OR
freetypefreetypeMatch2.2.1
OR
freetypefreetypeMatch2.2.10
OR
freetypefreetypeMatch2.3.0
OR
freetypefreetypeMatch2.3.1
OR
freetypefreetypeMatch2.3.2
OR
freetypefreetypeMatch2.3.3
OR
freetypefreetypeMatch2.3.4
OR
freetypefreetypeMatch2.3.5
OR
freetypefreetypeMatch2.3.6
OR
freetypefreetypeMatch2.3.7
OR
freetypefreetypeMatch2.3.8
OR
freetypefreetypeMatch2.3.9
OR
freetypefreetypeMatch2.3.10
OR
freetypefreetypeMatch2.3.11
OR
freetypefreetypeMatch2.3.12
OR
freetypefreetypeMatch2.4.0
OR
freetypefreetypeMatch2.4.1
OR
freetypefreetypeMatch2.4.2
VendorProductVersionCPE
freetypefreetype*cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*
freetypefreetype1.3.1cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*
freetypefreetype2.0.6cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*
freetypefreetype2.0.9cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*
freetypefreetype2.1cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*
freetypefreetype2.1.3cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*
freetypefreetype2.1.4cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*
freetypefreetype2.1.5cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*
freetypefreetype2.1.6cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*
freetypefreetype2.1.7cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*
Rows per page:
1-10 of 331

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.3

Confidence

High

EPSS

0.16

Percentile

96.0%