Ubuntu Linux Security Vulnerabilities and Issues — Ubuntu Linux CVE List

Lucene search

CanonicalUbuntu Linux

15 matches found

CVE•added 2010/08/19 6:0 p.m.•88 views

CVE-2010-2541

Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

6.8CVSS7.9AI score0.03207EPSS

CVE•added 2010/08/19 6:0 p.m.•80 views

CVE-2010-2807

FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

6.8CVSS9.5AI score0.05194EPSS

CVE•added 2010/08/19 6:0 p.m.•78 views

CVE-2010-2806

Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based ...

6.8CVSS9.8AI score0.09383EPSS

CVE•added 2010/08/19 6:0 p.m.•77 views

CVE-2010-2808

Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.

6.8CVSS9.8AI score0.07802EPSS

CVE•added 2010/08/19 6:0 p.m.•75 views

CVE-2010-2805

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

6.8CVSS9.5AI score0.05634EPSS

CVE•added 2010/08/19 6:0 p.m.•71 views

CVE-2010-2527

Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

6.8CVSS7.9AI score0.02329EPSS

CVE•added 2010/08/19 6:0 p.m.•69 views

CVE-2010-2499

Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment.

6.8CVSS9AI score0.03379EPSS

CVE•added 2010/08/19 6:0 p.m.•69 views

CVE-2010-2500

Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

6.8CVSS9AI score0.02649EPSS

CVE•added 2010/08/19 6:0 p.m.•69 views

CVE-2010-2519

Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file.

6.8CVSS9AI score0.0452EPSS

CVE•added 2010/08/19 6:0 p.m.•69 views

CVE-2010-2520

Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

5.1CVSS9.7AI score0.03154EPSS

CVE•added 2010/08/19 6:0 p.m.•68 views

CVE-2010-2498

The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file th...

6.8CVSS9.1AI score0.02649EPSS

CVE•added 2010/08/24 8:0 p.m.•53 views

CVE-2010-3113

Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonControll...

10CVSS9.2AI score0.03062EPSS

CVE•added 2010/08/24 8:0 p.m.•51 views

CVE-2010-3116

Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to impr...

10CVSS9.2AI score0.12275EPSS

CVE•added 2010/08/24 8:0 p.m.•47 views

CVE-2010-3114

The text-editing implementation in Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not check a node type before performing a cast, which has unspecified impact and attack vectors related to (1) DeleteSelectionCommand.cpp, (2) InsertLineBreakCommand.cpp, or (3) InsertParagraphSepa...

10CVSS8.6AI score0.00625EPSS

CVE•added 2010/08/24 8:0 p.m.•45 views

CVE-2010-3115

Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.

5CVSS8.7AI score0.01527EPSS