Vulnerability Name: CVE-2010-2806 (CCN-61248) Assigned: 2010-08-05 Published: 2010-08-05 Updated: 2023-02-13 Summary: Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P )5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P )5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P )5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-122 Vulnerability Consequences: Gain Access References: Source: MITRE Type: CNACVE-2010-2806 Source: secalert@redhat.com Type: Release Notes, Third Party Advisorysecalert@redhat.com Source: secalert@redhat.com Type: Patch, Third Party Advisorysecalert@redhat.com Source: secalert@redhat.com Type: Mailing List, Third Party Advisorysecalert@redhat.com Source: secalert@redhat.com Type: Mailing List, Third Party Advisorysecalert@redhat.com Source: secalert@redhat.com Type: Mailing List, Patch, Third Party Advisorysecalert@redhat.com Source: CCN Type: RHSA-2010-0736Important: freetype security update Source: CCN Type: RHSA-2010-0737Important: freetype security update Source: CCN Type: RHSA-2010-0864Important: freetype security update Source: CCN Type: SA40816FreeType2 CFF Font Parsing Vulnerabilities Source: CCN Type: SA42314Apple iOS Multiple Vulnerabilities Source: CCN Type: SA42317Apple TV Multiple Vulnerabilities Source: secalert@redhat.com Type: Third Party Advisorysecalert@redhat.com Source: secalert@redhat.com Type: Broken Linksecalert@redhat.com Source: CCN Type: Apple Web siteAbout the security content of iOS 4.2 Source: secalert@redhat.com Type: Third Party Advisorysecalert@redhat.com Source: secalert@redhat.com Type: Third Party Advisorysecalert@redhat.com Source: DEBIAN Type: DSA-2105freetype -- several vulnerabilities Source: CCN Type: FreeType Web siteFreeType Source: CCN Type: OSVDB ID: 67303FreeType type42/t42parse.c t42_parse_sfnts Function Array Index Error FontType42 File Handling Overflow Source: secalert@redhat.com Type: Third Party Advisorysecalert@redhat.com Source: CCN Type: BID-42285FreeType Stack Buffer Overflow and Memory Corruption Vulnerabilities Source: secalert@redhat.com Type: Third Party Advisory, VDB Entrysecalert@redhat.com Source: secalert@redhat.com Type: Third Party Advisorysecalert@redhat.com Source: secalert@redhat.com Type: Third Party Advisorysecalert@redhat.com Source: secalert@redhat.com Type: Third Party Advisorysecalert@redhat.com Source: secalert@redhat.com Type: Third Party Advisorysecalert@redhat.com Source: secalert@redhat.com Type: Third Party Advisorysecalert@redhat.com Source: CCN Type: Bug #617019 FreeType security fixes in 2.4.2 Source: secalert@redhat.com Type: Issue Tracking, Release Notes, Third Party Advisorysecalert@redhat.com Source: secalert@redhat.com Type: Issue Tracking, Patch, Third Party Advisorysecalert@redhat.com Source: XF Type: UNKNOWNfreetype-t42parsesfnts-bo(61248) Source: secalert@redhat.com Type: Broken Linksecalert@redhat.com Source: secalert@redhat.com Type: Broken Linksecalert@redhat.com Source: secalert@redhat.com Type: Exploit, Third Party Advisorysecalert@redhat.com Source: SUSE Type: SUSE-SR:2010:016SUSE Security Summary Report Vulnerable Configuration: Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* Configuration RedHat 4 :cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* Configuration RedHat 5 :cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* Configuration RedHat 6 :cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* Configuration RedHat 7 :cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:* Configuration RedHat 8 :cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:* Configuration RedHat 9 :cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:* Configuration RedHat 10 :cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:* Configuration RedHat 11 :cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:* Configuration RedHat 12 :cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:* Configuration RedHat 13 :cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:* Configuration RedHat 14 :cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:* Configuration CCN 1 :cpe:/a:freetype:freetype:2.3.3:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.0.0:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.0.1:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.0.1:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.0.2:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.0.2:-:ipodtouch:*:*:*:*:* OR cpe:/a:freetype:freetype:2.0.6:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.0.9:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.10:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.3:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.4:-:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.5:-:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.2.0:-:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.9:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.3.4:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.7:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.6:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.8:rc1:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.8:-:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.2.10:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.2.1:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.3.5:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.3.9:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.1:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.0:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.0:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.1:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.1.2:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.1.3:*:*:*:*:*:*:* OR cpe:/o:apple:ios:4.0:*:*:*:*:*:*:* OR cpe:/o:apple:ios:4.0.1:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.1:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.0:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.1.2:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.1:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:ios:4.0.1:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:ios:4.0:-:ipodtouch:*:*:*:*:* AND cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:* OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:* OR cpe:/h:apple:ipad:*:*:*:*:*:*:*:* OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:* OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:* OR cpe:/o:apple:tvos:4.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:* Denotes that component is vulnerable Oval Definitions BACK
freetype freetype 2.3.3
apple iphone os 2.0.0 -
apple iphone os 2.0.1
apple iphone os 2.0.1 -
apple iphone os 2.0.2
apple iphone os 2.0.2 -
freetype freetype 2.0.6
freetype freetype 2.0.9
freetype freetype 2.1
freetype freetype 2.1.10
freetype freetype 2.1.3
freetype freetype 2.1.4
freetype freetype 2.1.5
freetype freetype 2.2
freetype freetype 2.1.9
freetype freetype 2.3.4
freetype freetype 2.1.7
freetype freetype 2.1.6
freetype freetype 2.1.8 rc1
freetype freetype 2.1.8
freetype freetype 2.2.10
freetype freetype 2.2.1
freetype freetype 2.3.5
freetype freetype 2.3.9
apple iphone os 2.1
apple iphone os 2.0
apple iphone os 3.0
apple iphone os 3.1
apple iphone os 3.1.2
apple iphone os 3.1.3
apple iphone os 4.0
apple iphone os 4.0.1
apple iphone os 2.1 -
apple iphone os 3.0 -
apple iphone os 3.1.2 -
apple iphone os 3.1 -
apple iphone os 4.0.1 -
apple iphone os 4.0 -
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
redhat enterprise linux 5
redhat enterprise linux 5
mandrakesoft mandrake linux 2008.0
redhat enterprise linux 5
mandrakesoft mandrake linux 2008.0
mandriva linux 2009.0
mandriva linux 2009.0 -
debian debian linux 5.0
mandriva linux 2009.1
mandriva linux 2009.1
apple ipad *
mandriva enterprise server 5
mandriva enterprise server 5
mandriva linux 2010
mandriva linux 2010
apple apple tv 4.0
redhat enterprise linux 6
redhat enterprise linux 6
redhat enterprise linux desktop 6
redhat enterprise linux hpc node 6