Vulnerability Name: CVE-2010-2520 (CCN-60401) Assigned: 2010-07-13 Published: 2010-07-13 Updated: 2021-03-23 Summary: Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P )3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P )5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-787 Vulnerability Consequences: Gain Access References: Source: MITRE Type: CNACVE-2010-2520 Source: CONFIRM Type: Patch, Third Party Advisoryhttp://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=888cd1843e935fe675cf2ac303116d4ed5b9d54b Source: APPLE Type: Mailing List, Third Party AdvisoryAPPLE-SA-2010-11-10-1 Source: MLIST Type: Mailing List, Release Notes, Third Party Advisory[freetype] 20100712 FreeType 2.4.0 has been released Source: MLIST Type: Mailing List, Third Party Advisory[oss-security] 20100713 Multiple bugs in freetype Source: MLIST Type: Mailing List, Third Party Advisory[oss-security] 20100714 Re: Multiple bugs in freetype Source: CCN Type: SA40586FreeType Multiple Vulnerabilities Source: SECUNIA Type: Third Party Advisory48951 Source: CONFIRM Type: Broken Linkhttp://support.apple.com/kb/HT4435 Source: DEBIAN Type: Third Party AdvisoryDSA-2070 Source: DEBIAN Type: DSA-2070freetype -- several vulnerabilities Source: CCN Type: FreeType Web siteFreeType Source: MANDRIVA Type: Third Party AdvisoryMDVSA-2010:137 Source: CCN Type: OSVDB ID: 66463FreeType truetype/ttinterp.c Ins_IUP Function TrueType Bytecode Support Overflow Source: CCN Type: BID-41663FreeType Versions Prior to 2.4.0 Multiple Remote Vulnerabilities Source: CCN Type: Swiecki Web siteProjects Source: UBUNTU Type: Third Party AdvisoryUSN-963-1 Source: CONFIRM Type: Issue Tracking, Patch, Third Party Advisoryhttps://bugzilla.redhat.com/show_bug.cgi?id=613198 Source: XF Type: UNKNOWNfreetype-truetype-bo(60401) Source: CONFIRM Type: Exploit, Issue Tracking, Third Party Advisoryhttps://savannah.nongnu.org/bugs/?30361 Source: SUSE Type: SUSE-SR:2010:016SUSE Security Summary Report Vulnerable Configuration: Configuration 1 :cpe:/a:freetype:freetype:*:*:*:*:*:*:*:* (Version < 2.4.0)Configuration 2 :cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* OR cpe:/o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* Configuration 3 :cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version < 10.6.5)Configuration 4 :cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:freetype:freetype:2.3.3:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.0.6:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.0.9:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.10:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.3:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.4:-:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.5:-:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.2.0:-:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.9:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.3.4:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.7:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.6:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.8:rc1:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.8:-:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.2.10:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.2.1:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.3.5:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.3.9:*:*:*:*:*:*:* AND cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:* OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:* OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:* Denotes that component is vulnerable Oval Definitions BACK
freetype freetype *
canonical ubuntu linux 6.06
canonical ubuntu linux 8.04
canonical ubuntu linux 9.04
canonical ubuntu linux 9.10
canonical ubuntu linux 10.04
apple mac os x *
debian debian linux 5.0
freetype freetype 2.3.3
freetype freetype 2.0.6
freetype freetype 2.0.9
freetype freetype 2.1
freetype freetype 2.1.10
freetype freetype 2.1.3
freetype freetype 2.1.4
freetype freetype 2.1.5
freetype freetype 2.2
freetype freetype 2.1.9
freetype freetype 2.3.4
freetype freetype 2.1.7
freetype freetype 2.1.6
freetype freetype 2.1.8 rc1
freetype freetype 2.1.8
freetype freetype 2.2.10
freetype freetype 2.2.1
freetype freetype 2.3.5
freetype freetype 2.3.9
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux 2008.0
mandrakesoft mandrake linux 2008.0
mandriva linux 2009.0
mandriva linux 2009.0 -
debian debian linux 5.0
mandriva linux 2009.1
mandriva linux 2009.1
mandriva enterprise server 5
mandriva enterprise server 5
mandriva linux 2010
mandriva linux 2010