CVE-2010-1797

Published: 16/08/2010 Updated: 23/05/2021
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 940
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType prior to 2.4.2, as used in Apple iOS prior to 4.0.2 on the iPhone and iPod touch and prior to 3.2.2 on the iPad, allow remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.

Vulnerable Product

apple iphone os 1.0.0

apple iphone os 1.1.0

apple iphone os 1.1.1

apple iphone os 1.1.3

apple iphone os 2.0

apple iphone os 2.0.0

apple iphone os 2.0.2

apple iphone os 2.1

apple iphone os 2.2.1

apple iphone os 2.2

apple iphone os 3.1.2

apple iphone os 1.0.1

apple iphone os 1.1.4

apple iphone os 2.0.1

apple iphone os 2.1.1

apple iphone os 3.0

apple iphone os 3.0.1

apple iphone os 3.1.3

apple iphone os 3.2

apple iphone os 4.0

apple iphone os 1.0.2

apple iphone os 1.1.2

apple iphone os 1.1.5

apple iphone os 3.1

apple iphone os 4.0.1

apple iphone os 3.2.1

Vendor Advisories

Synopsis Important: freetype security update Type/Severity Security Advisory: Important Topic Updated freetype packages that fix two security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common ...
It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges ...
Several vulnerabilities have been discovered in the FreeType font library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1797 Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType allow remote at ...

Exploits

Foxit Reader versions 40 and below pdf jailbreak exploit ...
import sys,zlib def getFFShellcode(sc): ff_sc = '' if len(sc)%4 != 0: sc += (4-len(sc)%4)*'\x00' for i in range(0,len(sc),4): ff_sc += '\xff'+sc[i+3]+sc[i+2]+sc[i+1]+sc[i] return ff_sc outputHeader = ''' ############################################################################################## # FreeType Compact Font ...
The files contained in the archive link below are those that make use of a pdf exploit in order to jailbreak devices running Apple iOS. These pdf's are of interest in that they originate in userland and give root access to the devices. githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/145387z (ios_pdf_exploit7z) ...

Github Repositories

iPod Nano 6 hax

ipod_sun: Code execution on the iPod nano 6th and 7th generation. How? This tool builds a modified firmware image that abuses two iPod bugs in order to gain code execution: 1) Disk swapping. By swapping the 'disk' and 'osos' sections in a firmware image, the iPod will boot into the standard RetailOS when holding the buttons for disk mode. But, when booting into