CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

FreeType is vulnerable to denial of service (DoS). Several buffer overflow flaws were found in the way the FreeType font engine processed font files. If a user loaded a carefully crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5ef20c8c1d4de12a84b50ba497c2a358c90ec44b
git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b2ea64bcc6c385a8e8318f9c759450a07df58b6d
lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html
marc.info/?l=oss-security&m=127905701201340&w=2
marc.info/?l=oss-security&m=127909326909362&w=2
secunia.com/advisories/48951
securitytracker.com/id?1024266
support.apple.com/kb/HT4435
www.debian.org/security/2010/dsa-2070
www.mandriva.com/security/advisories?name=MDVSA-2010:137
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2010-0578.html
www.ubuntu.com/usn/USN-963-1
access.redhat.com/errata/RHSA-2010:0578
access.redhat.com/security/cve/CVE-2010-2519
bugzilla.redhat.com/show_bug.cgi?id=613194
savannah.nongnu.org/bugs/?30306