CVE-2010-1797

2010-08-1200:00:00

ubuntu.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.513 Medium

EPSS

Percentile

97.5%

JSON

Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings
function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in
FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and
iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute
arbitrary code or cause a denial of service (memory corruption) via crafted
CFF opcodes in embedded fonts in a PDF document, as demonstrated by
JailbreakMe. NOTE: some of these details are obtained from third party
information.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchfreetype< 2.1.10-1ubuntu2.8UNKNOWN
ubuntu8.04noarchfreetype< 2.3.5-1ubuntu4.8.04.4UNKNOWN
ubuntu9.04noarchfreetype< 2.3.9-4ubuntu0.3UNKNOWN
ubuntu9.10noarchfreetype< 2.3.9-5ubuntu0.2UNKNOWN
ubuntu10.04noarchfreetype< 2.3.11-1ubuntu2.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	freetype	< 2.1.10-1ubuntu2.8	UNKNOWN
ubuntu	8.04	noarch	freetype	< 2.3.5-1ubuntu4.8.04.4	UNKNOWN
ubuntu	9.04	noarch	freetype	< 2.3.9-4ubuntu0.3	UNKNOWN
ubuntu	9.10	noarch	freetype	< 2.3.9-5ubuntu0.2	UNKNOWN
ubuntu	10.04	noarch	freetype	< 2.3.11-1ubuntu2.2	UNKNOWN