Vulnerability Name: CVE-2010-2806 (CCN-61248) Assigned: 2010-08-05 Published: 2010-08-05 Updated: 2023-02-13 Summary: Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P 5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P 5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P 5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-122 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2010-2806 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com Important: freetype security update Important: freetype security update Important: freetype security update FreeType2 CFF Font Parsing Vulnerabilities Apple iOS Multiple Vulnerabilities Apple TV Multiple Vulnerabilities secalert@redhat.com secalert@redhat.com About the security content of iOS 4.2 secalert@redhat.com secalert@redhat.com freetype -- several vulnerabilities FreeType FreeType type42/t42parse.c t42_parse_sfnts Function Array Index Error FontType42 File Handling Overflow secalert@redhat.com FreeType Stack Buffer Overflow and Memory Corruption Vulnerabilities secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com FreeType security fixes in 2.4.2 secalert@redhat.com secalert@redhat.com freetype-t42parsesfnts-bo(61248) secalert@redhat.com secalert@redhat.com secalert@redhat.com SUSE Security Summary Report Vulnerable Configuration: Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* Configuration RedHat 4 :cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* Configuration RedHat 5 :cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* Configuration RedHat 6 :cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* Configuration RedHat 7 :cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:* Configuration RedHat 8 :cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:* Configuration RedHat 9 :cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:* Configuration RedHat 10 :cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:* Configuration RedHat 11 :cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:* Configuration RedHat 12 :cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:* Configuration RedHat 13 :cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:* Configuration RedHat 14 :cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:* Configuration CCN 1 :cpe:/a:freetype:freetype:2.3.3:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.0.0:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.0.1:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.0.1:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.0.2:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.0.2:-:ipodtouch:*:*:*:*:* OR cpe:/a:freetype:freetype:2.0.6:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.0.9:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.10:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.3:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.4:-:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.5:-:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.2.0:-:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.9:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.3.4:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.7:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.6:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.8:rc1:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.1.8:-:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.2.10:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.2.1:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.3.5:*:*:*:*:*:*:* OR cpe:/a:freetype:freetype:2.3.9:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.1:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.0:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.0:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.1:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.1.2:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.1.3:*:*:*:*:*:*:* OR cpe:/o:apple:ios:4.0:*:*:*:*:*:*:* OR cpe:/o:apple:ios:4.0.1:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.1:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.0:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.1.2:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.1:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:ios:4.0.1:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:ios:4.0:-:ipodtouch:*:*:*:*:* AND cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:* OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:* OR cpe:/h:apple:ipad:*:*:*:*:*:*:*:* OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:* OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:* OR cpe:/o:apple:tvos:4.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:* Oval Definitions BACK
freetype freetype 2.3.3
apple iphone os 2.0.0 -
apple iphone os 2.0.1
apple iphone os 2.0.1 -
apple iphone os 2.0.2
apple iphone os 2.0.2 -
freetype freetype 2.0.6
freetype freetype 2.0.9
freetype freetype 2.1
freetype freetype 2.1.10
freetype freetype 2.1.3
freetype freetype 2.1.4
freetype freetype 2.1.5
freetype freetype 2.2
freetype freetype 2.1.9
freetype freetype 2.3.4
freetype freetype 2.1.7
freetype freetype 2.1.6
freetype freetype 2.1.8 rc1
freetype freetype 2.1.8
freetype freetype 2.2.10
freetype freetype 2.2.1
freetype freetype 2.3.5
freetype freetype 2.3.9
apple iphone os 2.1
apple iphone os 2.0
apple iphone os 3.0
apple iphone os 3.1
apple iphone os 3.1.2
apple iphone os 3.1.3
apple iphone os 4.0
apple iphone os 4.0.1
apple iphone os 2.1 -
apple iphone os 3.0 -
apple iphone os 3.1.2 -
apple iphone os 3.1 -
apple iphone os 4.0.1 -
apple iphone os 4.0 -
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
redhat enterprise linux 5
redhat enterprise linux 5
mandrakesoft mandrake linux 2008.0
redhat enterprise linux 5
mandrakesoft mandrake linux 2008.0
mandriva linux 2009.0
mandriva linux 2009.0 -
debian debian linux 5.0
mandriva linux 2009.1
mandriva linux 2009.1
apple ipad *
mandriva enterprise server 5
mandriva enterprise server 5
mandriva linux 2010
mandriva linux 2010
apple apple tv 4.0
redhat enterprise linux 6
redhat enterprise linux 6
redhat enterprise linux desktop 6
redhat enterprise linux hpc node 6
Denotes that component is vulnerable