CVE-2010-2807

FreeType <2.4.2 - DoS/Code Injection

Title source: llm

Description

FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

References (21)

Core 21

Core References

Issue Tracking, Release Notes, Third Party Advisory x_refsource_confirm

https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/3046

Issue Tracking, Third Party Advisory x_refsource_confirm

https://savannah.nongnu.org/bugs/?30657

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/3045

Broken Link x_refsource_confirm

http://support.apple.com/kb/HT4435

Third Party Advisory x_refsource_confirm

http://support.apple.com/kb/HT4457

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/2018

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-972-1

Mailing List, Third Party Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist

http://marc.info/?l=oss-security&m=128111955616772&w=2

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42317

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40816

Release Notes, Third Party Advisory x_refsource_confirm

http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42314

Patch, Third Party Advisory x_refsource_confirm

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=346f1867fd32dae8f56e5b482d1af98f626804ac

Product, Third Party Advisory x_refsource_confirm

http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40982

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/2106

Third Party Advisory x_refsource_confirm

http://support.apple.com/kb/HT4456

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/42285

Mailing List, Third Party Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Scores

EPSS 0.0420

EPSS Percentile 89.6%

Details

CWE

CWE-681

Status published

Products (9)

apple/iphone_os < 4.2

apple/mac_os_x < 10.6.5

apple/tvos < 4.1.0

canonical/ubuntu_linux 6.06

canonical/ubuntu_linux 8.04

canonical/ubuntu_linux 9.04

canonical/ubuntu_linux 9.10

canonical/ubuntu_linux 10.04

freetype/freetype < 2.4.2

Published Aug 19, 2010

Tracked Since Feb 18, 2026