Vulnerability Name: | CVE-2010-2499 (CCN-60398) |
Assigned: | 2010-06-09 |
Published: | 2010-06-09 |
Updated: | 2021-04-06 |
Summary: | Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment. |
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): Low Integrity (I): Low Availibility (A): Low |
|
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None | Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial | 6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial | 6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None | Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial |
|
Vulnerability Type: | CWE-120
|
Vulnerability Consequences: | Gain Access |
References: | Source: MITRE Type: CNA CVE-2010-2499
Source: CONFIRM Type: Patch, Third Party Advisory http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=c69891a1345640096fbf396e8dd567fe879ce233
Source: CONFIRM Type: Patch, Third Party Advisory http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f29f741efbba0a5ce2f16464f648fb8d026ed4c8
Source: APPLE Type: Mailing List, Third Party Advisory APPLE-SA-2010-11-10-1
Source: MLIST Type: Mailing List, Release Notes, Third Party Advisory [freetype] 20100712 FreeType 2.4.0 has been released
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20100713 Multiple bugs in freetype
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20100714 Re: Multiple bugs in freetype
Source: CCN Type: RHSA-2010-0578 Important: freetype security update
Source: CCN Type: SA40586 FreeType Multiple Vulnerabilities
Source: SECUNIA Type: Third Party Advisory 48951
Source: CCN Type: SECTRACK ID: 1024266 FreeType 2 Font File Processing Errors Let Remote Users Execute Arbitrary Code
Source: SECTRACK Type: Third Party Advisory, VDB Entry 1024266
Source: CONFIRM Type: Broken Link http://support.apple.com/kb/HT4435
Source: DEBIAN Type: Third Party Advisory DSA-2070
Source: DEBIAN Type: DSA-2070 freetype -- several vulnerabilities
Source: CCN Type: FreeType Web site FreeType
Source: MANDRIVA Type: Third Party Advisory MDVSA-2010:137
Source: CCN Type: OSVDB ID: 66466 FreeType base/ftobjs.c Mac_Read_POST_Resource Function Crafted LaserWriter PS Font File Handling Overflow
Source: REDHAT Type: Third Party Advisory RHSA-2010:0578
Source: CCN Type: BID-41663 FreeType Versions Prior to 2.4.0 Multiple Remote Vulnerabilities
Source: CCN Type: Swiecki Web site Projects
Source: UBUNTU Type: Third Party Advisory USN-963-1
Source: CONFIRM Type: Issue Tracking, Patch, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=613162
Source: XF Type: UNKNOWN freetype-fonts-bo(60398)
Source: CONFIRM Type: Exploit, Issue Tracking, Third Party Advisory https://savannah.nongnu.org/bugs/?30248
Source: CONFIRM Type: Issue Tracking, Third Party Advisory https://savannah.nongnu.org/bugs/?30249
Source: SUSE Type: SUSE-SR:2010:016 SUSE Security Summary Report
|
Vulnerable Configuration: | Configuration 1: cpe:/a:freetype:freetype:*:*:*:*:*:*:*:* (Version < 2.4.0) Configuration 2: cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*OR cpe:/o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*OR cpe:/o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*OR cpe:/o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*OR cpe:/o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* Configuration 3: cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version < 10.6.5) Configuration 4: cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:* Configuration RedHat 1: cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:* Configuration RedHat 2: cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* Configuration RedHat 3: cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* Configuration RedHat 4: cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* Configuration RedHat 5: cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* Configuration RedHat 6: cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* Configuration RedHat 7: cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:* Configuration RedHat 8: cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:* Configuration RedHat 9: cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:* Configuration CCN 1: cpe:/a:freetype:freetype:2.3.3:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.0.6:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.0.9:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1.10:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1.3:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1.4:-:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1.5:-:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.2.0:-:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1.9:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.3.4:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1.7:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1.6:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1.8:rc1:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1.8:-:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.2.10:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.2.1:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.3.5:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.3.9:*:*:*:*:*:*:*AND cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*
Denotes that component is vulnerable |
Oval Definitions |
|
BACK |
freetype freetype *
canonical ubuntu linux 6.06
canonical ubuntu linux 8.04
canonical ubuntu linux 9.04
canonical ubuntu linux 9.10
canonical ubuntu linux 10.04
apple mac os x *
debian debian linux 5.0
freetype freetype 2.3.3
freetype freetype 2.0.6
freetype freetype 2.0.9
freetype freetype 2.1
freetype freetype 2.1.10
freetype freetype 2.1.3
freetype freetype 2.1.4
freetype freetype 2.1.5
freetype freetype 2.2
freetype freetype 2.1.9
freetype freetype 2.3.4
freetype freetype 2.1.7
freetype freetype 2.1.6
freetype freetype 2.1.8 rc1
freetype freetype 2.1.8
freetype freetype 2.2.10
freetype freetype 2.2.1
freetype freetype 2.3.5
freetype freetype 2.3.9
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
redhat enterprise linux 5
redhat enterprise linux 5
mandrakesoft mandrake linux 2008.0
redhat enterprise linux 5
mandrakesoft mandrake linux 2008.0
mandriva linux 2009.0
mandriva linux 2009.0 -
debian debian linux 5.0
mandriva linux 2009.1
mandriva linux 2009.1
mandriva enterprise server 5
mandriva enterprise server 5
mandriva linux 2010
mandriva linux 2010