Lucene search

K

[email protected]NVD:CVE-2010-3311

HistoryJan 07, 2011 - 11:00 p.m.

CVE-2010-3311

2011-01-0723:00:18

CWE-189

[email protected]

web.nvd.nist.gov

9

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8

Confidence

Low

EPSS

0.58

Percentile

97.8%

Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an “input stream position error” issue, a different vulnerability than CVE-2010-1797.

Affected configurations

Nvd

Node

freetypefreetypeRange≤2.3.12

OR

freetypefreetypeMatch1.3.1

OR

freetypefreetypeMatch2.0.6

OR

freetypefreetypeMatch2.0.9

OR

freetypefreetypeMatch2.1

OR

freetypefreetypeMatch2.1.3

OR

freetypefreetypeMatch2.1.4

OR

freetypefreetypeMatch2.1.5

OR

freetypefreetypeMatch2.1.6

OR

freetypefreetypeMatch2.1.7

OR

freetypefreetypeMatch2.1.8

OR

freetypefreetypeMatch2.1.8rc1

OR

freetypefreetypeMatch2.1.9

OR

freetypefreetypeMatch2.1.10

OR

freetypefreetypeMatch2.2.0

OR

freetypefreetypeMatch2.2.1

OR

freetypefreetypeMatch2.2.10

OR

freetypefreetypeMatch2.3.0

OR

freetypefreetypeMatch2.3.1

OR

freetypefreetypeMatch2.3.2

OR

freetypefreetypeMatch2.3.3

OR

freetypefreetypeMatch2.3.4

OR

freetypefreetypeMatch2.3.5

OR

freetypefreetypeMatch2.3.6

OR

freetypefreetypeMatch2.3.7

OR

freetypefreetypeMatch2.3.8

OR

freetypefreetypeMatch2.3.9

OR

freetypefreetypeMatch2.3.10

OR

freetypefreetypeMatch2.3.11

References

lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

secunia.com/advisories/48951

www.debian.org/security/2010/dsa-2116

www.mandriva.com/security/advisories?name=MDVSA-2010:201

www.redhat.com/support/errata/RHSA-2010-0864.html

www.securityfocus.com/bid/43700

www.ubuntu.com/usn/USN-1013-1

bugzilla.redhat.com/show_bug.cgi?id=623625

rhn.redhat.com/errata/RHSA-2010-0736.html

rhn.redhat.com/errata/RHSA-2010-0737.html

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8

Confidence

Low

EPSS

0.58

Percentile

97.8%

Related for NVD:CVE-2010-3311