Vulnerability Name: CVE-2010-2499 (CCN-60398) Assigned: 2010-06-09 Published: 2010-06-09 Updated: 2021-04-06 Summary: Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment. CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P )5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P )5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P )5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-120 Vulnerability Consequences: Gain Access References: Source: MITRE Type: CNACVE-2010-2499 Source: CONFIRM Type: Patch, Third Party Advisoryhttp://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=c69891a1345640096fbf396e8dd567fe879ce233 Source: CONFIRM Type: Patch, Third Party Advisoryhttp://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f29f741efbba0a5ce2f16464f648fb8d026ed4c8 Source: APPLE Type: Mailing List, Third Party AdvisoryAPPLE-SA-2010-11-10-1 Source: MLIST Type: Mailing List, Release Notes, Third Party Advisory[freetype] 20100712 FreeType 2.4.0 has been released Source: MLIST Type: Mailing List, Third Party Advisory[oss-security] 20100713 Multiple bugs in freetype Source: MLIST Type: Mailing List, Third Party Advisory[oss-security] 20100714 Re: Multiple bugs in freetype Source: CCN Type: RHSA-2010-0578Important: freetype security update Source: CCN Type: SA40586FreeType Multiple Vulnerabilities Source: SECUNIA Type: Third Party Advisory48951 Source: CCN Type: SECTRACK ID: 1024266FreeType 2 Font File Processing Errors Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: Third Party Advisory, VDB Entry1024266 Source: CONFIRM Type: Broken Linkhttp://support.apple.com/kb/HT4435 Source: DEBIAN Type: Third Party AdvisoryDSA-2070 Source: DEBIAN Type: DSA-2070freetype -- several vulnerabilities Source: CCN Type: FreeType Web siteFreeType Source: MANDRIVA Type: Third Party AdvisoryMDVSA-2010:137 Source: CCN Type: OSVDB ID: 66466FreeType base/ftobjs.c Mac_Read_POST_Resource Function Crafted LaserWriter PS Font File Handling Overflow Source: REDHAT Type: Third Party AdvisoryRHSA-2010:0578 Source: CCN Type: BID-41663FreeType Versions Prior to 2.4.0 Multiple Remote Vulnerabilities Source: CCN Type: Swiecki Web siteProjects Source: UBUNTU Type: Third Party AdvisoryUSN-963-1 Source: CONFIRM Type: Issue Tracking, Patch, Third Party Advisoryhttps://bugzilla.redhat.com/show_bug.cgi?id=613162 Source: XF Type: UNKNOWNfreetype-fonts-bo(60398) Source: CONFIRM Type: Exploit, Issue Tracking, Third Party Advisoryhttps://savannah.nongnu.org/bugs/?30248 Source: CONFIRM Type: Issue Tracking, Third Party Advisoryhttps://savannah.nongnu.org/bugs/?30249 Source: SUSE Type: SUSE-SR:2010:016SUSE Security Summary Report Vulnerable Configuration: Configuration 1 :cpe:/a:freetype:freetype:*:*:*:*:*:*:*:* (Version < 2.4.0)Configuration 2 :cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* OR cpe:/o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* Configuration 3 :cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version < 10.6.5)Configuration 4 :cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* Configuration RedHat 4 :cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* Configuration RedHat 5 :cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* Configuration RedHat 6 :cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* Configuration RedHat 7 :cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:* Configuration RedHat 8 :cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:* Configuration RedHat 9 :cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:* Configuration CCN 1 :cpe:/a:freetype:freetype:2.3.3:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.0.6:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.0.9:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.10:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.3:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.4:-:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.5:-:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.2.0:-:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.9:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.3.4:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.7:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.6:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.8:rc1:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.8:-:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.2.10:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.2.1:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.3.5:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.3.9:*:*:*:*:*:*:* AND cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:* OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:* OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:* Denotes that component is vulnerable Oval Definitions BACK
freetype freetype *
canonical ubuntu linux 6.06
canonical ubuntu linux 8.04
canonical ubuntu linux 9.04
canonical ubuntu linux 9.10
canonical ubuntu linux 10.04
apple mac os x *
debian debian linux 5.0
freetype freetype 2.3.3
freetype freetype 2.0.6
freetype freetype 2.0.9
freetype freetype 2.1
freetype freetype 2.1.10
freetype freetype 2.1.3
freetype freetype 2.1.4
freetype freetype 2.1.5
freetype freetype 2.2
freetype freetype 2.1.9
freetype freetype 2.3.4
freetype freetype 2.1.7
freetype freetype 2.1.6
freetype freetype 2.1.8 rc1
freetype freetype 2.1.8
freetype freetype 2.2.10
freetype freetype 2.2.1
freetype freetype 2.3.5
freetype freetype 2.3.9
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
redhat enterprise linux 5
redhat enterprise linux 5
mandrakesoft mandrake linux 2008.0
redhat enterprise linux 5
mandrakesoft mandrake linux 2008.0
mandriva linux 2009.0
mandriva linux 2009.0 -
debian debian linux 5.0
mandriva linux 2009.1
mandriva linux 2009.1
mandriva enterprise server 5
mandriva enterprise server 5
mandriva linux 2010
mandriva linux 2010