Vulnerability Name: | CVE-2010-2806 (CCN-61248) |
Assigned: | 2010-08-05 |
Published: | 2010-08-05 |
Updated: | 2023-02-13 |
Summary: | Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. |
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): Low Integrity (I): Low Availibility (A): Low |
|
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None | Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial | 6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial | 6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None | Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial |
|
Vulnerability Type: | CWE-122
|
Vulnerability Consequences: | Gain Access |
References: | Source: MITRE Type: CNA CVE-2010-2806
Source: secalert@redhat.com Type: Release Notes, Third Party Advisory secalert@redhat.com
Source: secalert@redhat.com Type: Patch, Third Party Advisory secalert@redhat.com
Source: secalert@redhat.com Type: Mailing List, Third Party Advisory secalert@redhat.com
Source: secalert@redhat.com Type: Mailing List, Third Party Advisory secalert@redhat.com
Source: secalert@redhat.com Type: Mailing List, Patch, Third Party Advisory secalert@redhat.com
Source: CCN Type: RHSA-2010-0736 Important: freetype security update
Source: CCN Type: RHSA-2010-0737 Important: freetype security update
Source: CCN Type: RHSA-2010-0864 Important: freetype security update
Source: CCN Type: SA40816 FreeType2 CFF Font Parsing Vulnerabilities
Source: CCN Type: SA42314 Apple iOS Multiple Vulnerabilities
Source: CCN Type: SA42317 Apple TV Multiple Vulnerabilities
Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com
Source: secalert@redhat.com Type: Broken Link secalert@redhat.com
Source: CCN Type: Apple Web site About the security content of iOS 4.2
Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com
Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com
Source: DEBIAN Type: DSA-2105 freetype -- several vulnerabilities
Source: CCN Type: FreeType Web site FreeType
Source: CCN Type: OSVDB ID: 67303 FreeType type42/t42parse.c t42_parse_sfnts Function Array Index Error FontType42 File Handling Overflow
Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com
Source: CCN Type: BID-42285 FreeType Stack Buffer Overflow and Memory Corruption Vulnerabilities
Source: secalert@redhat.com Type: Third Party Advisory, VDB Entry secalert@redhat.com
Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com
Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com
Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com
Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com
Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com
Source: CCN Type: Bug #617019 FreeType security fixes in 2.4.2
Source: secalert@redhat.com Type: Issue Tracking, Release Notes, Third Party Advisory secalert@redhat.com
Source: secalert@redhat.com Type: Issue Tracking, Patch, Third Party Advisory secalert@redhat.com
Source: XF Type: UNKNOWN freetype-t42parsesfnts-bo(61248)
Source: secalert@redhat.com Type: Broken Link secalert@redhat.com
Source: secalert@redhat.com Type: Broken Link secalert@redhat.com
Source: secalert@redhat.com Type: Exploit, Third Party Advisory secalert@redhat.com
Source: SUSE Type: SUSE-SR:2010:016 SUSE Security Summary Report
|
Vulnerable Configuration: | Configuration RedHat 1: cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*Configuration RedHat 2: cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*Configuration RedHat 3: cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*Configuration RedHat 4: cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*Configuration RedHat 5: cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*Configuration RedHat 6: cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*Configuration RedHat 7: cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*Configuration RedHat 8: cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*Configuration RedHat 9: cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*Configuration RedHat 10: cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*Configuration RedHat 11: cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*Configuration RedHat 12: cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*Configuration RedHat 13: cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*Configuration RedHat 14: cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:* Configuration CCN 1: cpe:/a:freetype:freetype:2.3.3:*:*:*:*:*:*:*OR cpe:/o:apple:iphone_os:2.0.0:-:ipodtouch:*:*:*:*:*OR cpe:/o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*OR cpe:/o:apple:iphone_os:2.0.1:-:ipodtouch:*:*:*:*:*OR cpe:/o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*OR cpe:/o:apple:iphone_os:2.0.2:-:ipodtouch:*:*:*:*:*OR cpe:/a:freetype:freetype:2.0.6:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.0.9:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1.10:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1.3:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1.4:-:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1.5:-:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.2.0:-:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1.9:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.3.4:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1.7:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1.6:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1.8:rc1:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.1.8:-:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.2.10:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.2.1:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.3.5:*:*:*:*:*:*:*OR cpe:/a:freetype:freetype:2.3.9:*:*:*:*:*:*:*OR cpe:/o:apple:iphone_os:2.1:*:*:*:*:*:*:*OR cpe:/o:apple:iphone_os:2.0:*:*:*:*:*:*:*OR cpe:/o:apple:iphone_os:3.0:*:*:*:*:*:*:*OR cpe:/o:apple:iphone_os:3.1:*:*:*:*:*:*:*OR cpe:/o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*OR cpe:/o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*OR cpe:/o:apple:ios:4.0:*:*:*:*:*:*:*OR cpe:/o:apple:ios:4.0.1:*:*:*:*:*:*:*OR cpe:/o:apple:iphone_os:2.1:-:ipodtouch:*:*:*:*:*OR cpe:/o:apple:iphone_os:3.0:-:ipodtouch:*:*:*:*:*OR cpe:/o:apple:iphone_os:3.1.2:-:ipodtouch:*:*:*:*:*OR cpe:/o:apple:iphone_os:3.1:-:ipodtouch:*:*:*:*:*OR cpe:/o:apple:ios:4.0.1:-:ipodtouch:*:*:*:*:*OR cpe:/o:apple:ios:4.0:-:ipodtouch:*:*:*:*:*AND cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*OR cpe:/h:apple:ipad:*:*:*:*:*:*:*:*OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*OR cpe:/o:apple:tvos:4.0:*:*:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
Denotes that component is vulnerable |
Oval Definitions |
|
BACK |
freetype freetype 2.3.3
apple iphone os 2.0.0 -
apple iphone os 2.0.1
apple iphone os 2.0.1 -
apple iphone os 2.0.2
apple iphone os 2.0.2 -
freetype freetype 2.0.6
freetype freetype 2.0.9
freetype freetype 2.1
freetype freetype 2.1.10
freetype freetype 2.1.3
freetype freetype 2.1.4
freetype freetype 2.1.5
freetype freetype 2.2
freetype freetype 2.1.9
freetype freetype 2.3.4
freetype freetype 2.1.7
freetype freetype 2.1.6
freetype freetype 2.1.8 rc1
freetype freetype 2.1.8
freetype freetype 2.2.10
freetype freetype 2.2.1
freetype freetype 2.3.5
freetype freetype 2.3.9
apple iphone os 2.1
apple iphone os 2.0
apple iphone os 3.0
apple iphone os 3.1
apple iphone os 3.1.2
apple iphone os 3.1.3
apple iphone os 4.0
apple iphone os 4.0.1
apple iphone os 2.1 -
apple iphone os 3.0 -
apple iphone os 3.1.2 -
apple iphone os 3.1 -
apple iphone os 4.0.1 -
apple iphone os 4.0 -
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
redhat enterprise linux 5
redhat enterprise linux 5
mandrakesoft mandrake linux 2008.0
redhat enterprise linux 5
mandrakesoft mandrake linux 2008.0
mandriva linux 2009.0
mandriva linux 2009.0 -
debian debian linux 5.0
mandriva linux 2009.1
mandriva linux 2009.1
apple ipad *
mandriva enterprise server 5
mandriva enterprise server 5
mandriva linux 2010
mandriva linux 2010
apple apple tv 4.0
redhat enterprise linux 6
redhat enterprise linux 6
redhat enterprise linux desktop 6
redhat enterprise linux hpc node 6