CVE-2010-1797

EXPLOITED

iPhone OS - Remote Code Execution via Crafted CFF Opcodes in Embedded Fonts

Title source: llm

Exploitation Summary

CVE-2010-1797 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits, from researchers including jailbreakme and Jose Miguel Esparza.

AI-analyzed exploit summary: The entry describes a PDF exploit for iOS jailbreaking but only provides an external download link without any technical details or actual exploit code. This is characteristic of a social engineering lure.

Description

Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.

Exploits (2)

exploitdb SUSPICIOUS VERIFIED
by jailbreakme · text · local · ios
https://www.exploit-db.com/exploits/14538

The entry describes a PDF exploit for iOS jailbreaking but only provides an external download link without any technical details or actual exploit code. This is characteristic of a social engineering lure.

Classification: Suspicious 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: Apple iOS (unspecified version)
No auth needed
Prerequisites: Access to the external download link
devstral-2 · analyzed Feb 18, 2026

exploitdb WORKING POC
by Jose Miguel Esparza · python · local · windows
https://www.exploit-db.com/exploits/14727

This exploit targets a stack-based buffer overflow in FreeType's Compact Font Format (CFF) parsing in Foxit Reader <= 4.0. It crafts a malicious PDF with a specially encoded shellcode to achieve remote code execution via a crafted CFF stream.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Foxit Reader <= 4.0
No auth needed
Prerequisites: Victim must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026

References (22)

Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=621144
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14538
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2018
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66828
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-972-1
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40816
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4292
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/42151
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4291
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40982
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2106
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48951
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/60856
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40807

Scores

EPSS 0.5972
EPSS Percentile 98.3%

Details

VulnCheck KEV 2010-08-05
CWE CWE-119
Status published
Products (21)
apple/iphone_os 1.0.0
apple/iphone_os 1.0.1 (2 CPE variants)
apple/iphone_os 1.0.2 (2 CPE variants)
apple/iphone_os 1.1.0 (3 CPE variants)
apple/iphone_os 1.1.1 (2 CPE variants)
apple/iphone_os 1.1.2 (3 CPE variants)
apple/iphone_os 1.1.3 (3 CPE variants)
apple/iphone_os 1.1.4 (3 CPE variants)
apple/iphone_os 1.1.5 (3 CPE variants)
apple/iphone_os 2.0
... and 11 more
Published Aug 16, 2010
Tracked Since Feb 18, 2026