Lucene search

RedhatCVELIST:CVE-2010-2807

HistoryAug 19, 2010 - 5:43 p.m.

CVE-2010-2807

2010-08-1917:43:00

redhat

www.cve.org

9.7 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.7%

JSON

FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

References

freetype.sourceforge.net/index2.html#release-freetype-2.4.2

git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=346f1867fd32dae8f56e5b482d1af98f626804ac

lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

marc.info/?l=oss-security&m=128111955616772&w=2

secunia.com/advisories/40816

secunia.com/advisories/40982

secunia.com/advisories/42314

secunia.com/advisories/42317

sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view

support.apple.com/kb/HT4435

support.apple.com/kb/HT4456

support.apple.com/kb/HT4457

www.securityfocus.com/bid/42285

www.ubuntu.com/usn/USN-972-1

www.vupen.com/english/advisories/2010/2018

www.vupen.com/english/advisories/2010/2106

www.vupen.com/english/advisories/2010/3045

www.vupen.com/english/advisories/2010/3046

bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019

savannah.nongnu.org/bugs/?30657