6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
freetype is vulnerable to arbitrary code execution. The vulnerability exists as an integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6305b869d86ff415a33576df6d43729673c66eee
lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html
marc.info/?l=oss-security&m=127905701201340&w=2
marc.info/?l=oss-security&m=127909326909362&w=2
secunia.com/advisories/48951
securitytracker.com/id?1024266
support.apple.com/kb/HT4435
www.debian.org/security/2010/dsa-2070
www.mandriva.com/security/advisories?name=MDVSA-2010:137
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2010-0577.html
www.redhat.com/support/errata/RHSA-2010-0578.html
www.ubuntu.com/usn/USN-963-1
access.redhat.com/errata/RHSA-2010:0577
access.redhat.com/errata/RHSA-2010:0578
access.redhat.com/security/cve/CVE-2010-2500
bugzilla.redhat.com/show_bug.cgi?id=613167
savannah.nongnu.org/bugs/?30263