Lucene search

K

Veracode Vulnerability DatabaseVERACODE:24228

HistoryApr 10, 2020 - 12:49 a.m.

Arbitrary Code Execution

2020-04-1000:49:48

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

16

EPSS

0.016

Percentile

87.3%

freetype is vulnerable to arbitrary code execution. The vulnerability exists as an integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

References

git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6305b869d86ff415a33576df6d43729673c66eee

lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html

marc.info/?l=oss-security&m=127905701201340&w=2

marc.info/?l=oss-security&m=127909326909362&w=2

secunia.com/advisories/48951

securitytracker.com/id?1024266

support.apple.com/kb/HT4435

www.debian.org/security/2010/dsa-2070

www.mandriva.com/security/advisories?name=MDVSA-2010:137

www.redhat.com/security/updates/classification/#important

www.redhat.com/support/errata/RHSA-2010-0577.html

www.redhat.com/support/errata/RHSA-2010-0578.html

www.ubuntu.com/usn/USN-963-1

access.redhat.com/errata/RHSA-2010:0577

access.redhat.com/errata/RHSA-2010:0578

access.redhat.com/security/cve/CVE-2010-2500

bugzilla.redhat.com/show_bug.cgi?id=613167

savannah.nongnu.org/bugs/?30263

EPSS

0.016

Percentile

87.3%

Related for VERACODE:24228

prion1 cvelist1 ubuntucve1 debiancve1 nvd1 cve1 oraclelinux2 nessus26 openvas28 redhat3 centos2 ubuntu1 n0where1 debian1 securityvulns3 fedora4 gentoo1 suse1