CVE-2010-1797

EXPLOITED

Apple iPhone OS - Memory Corruption

Title source: rule

Description

Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.

Exploits (2)

exploitdb SUSPICIOUS VERIFIED
by jailbreakme · text · local · ios
https://www.exploit-db.com/exploits/14538
exploitdb WORKING POC
by Jose Miguel Esparza · python · local · windows
https://www.exploit-db.com/exploits/14727

Scores

EPSS 0.5972
EPSS Percentile 98.3%

Details

VulnCheck KEV 2010-08-05
CWE CWE-119
Status published
Products (21)
apple/iphone_os 1.0.0
apple/iphone_os 1.0.1 (2 CPE variants)
apple/iphone_os 1.0.2 (2 CPE variants)
apple/iphone_os 1.1.0 (3 CPE variants)
apple/iphone_os 1.1.1 (2 CPE variants)
apple/iphone_os 1.1.2 (3 CPE variants)
apple/iphone_os 1.1.3 (3 CPE variants)
apple/iphone_os 1.1.4 (3 CPE variants)
apple/iphone_os 1.1.5 (3 CPE variants)
apple/iphone_os 2.0
... and 11 more
Published Aug 16, 2010
Tracked Since Feb 18, 2026