Published: 26/11/2010 Updated: 26/01/2021

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and previous versions allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freetype freetype 2.1.8
freetype freetype 2.1.3
freetype freetype 2.4.1
freetype freetype 2.4.2
freetype freetype 2.3.12
freetype freetype 2.3.11
freetype freetype 2.1.6
freetype freetype 2.3.9
freetype freetype 2.2.1
freetype freetype 2.0.6
freetype freetype 2.3.2
freetype freetype 2.4.0
freetype freetype 1.3.1
freetype freetype
freetype freetype 2.3.4
freetype freetype 2.3.3
freetype freetype 2.1.7
freetype freetype 2.1.4
freetype freetype 2.2.10
freetype freetype 2.3.6
freetype freetype 2.3.5
freetype freetype 2.3.1
freetype freetype 2.0.9
freetype freetype 2.3.0
freetype freetype 2.2.0
freetype freetype 2.1.9
freetype freetype 2.1.10
freetype freetype 2.1.5
freetype freetype 2.3.8
freetype freetype 2.3.7
freetype freetype 2.3.10
freetype freetype 2.1

Debian Bug report logs - #602221 freetype: CVE-2010-3855 and CVE-2010-3814 Package: freetype; Maintainer for freetype is Hugh McMaster <hughmcmaster@outlookcom>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Tue, 2 Nov 2010 17:06:02 UTC Severity: grave Tags: security Fixed in version freetype/ ...

Marc Schoenefeld discovered that FreeType did not correctly handle certain malformed font files If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges This issue only affected Ubuntu 606 LTS, 804 LTS, 910 and 1004 LTS (CVE-2010-3 ...

Two buffer overflows were found in the Freetype font library, which could lead to the execution of arbitrary code For the stable distribution (lenny), this problem has been fixed in version 237-2+lenny5 For the testing distribution (squeeze), this problem has been fixed in version 242-21 For the unstable distribution (sid), this problem has ...

CWE-119 http://security-tracker.debian.org/tracker/CVE-2010-3814 http://support.apple.com/kb/HT4456 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0edf0986f3be570f5bf90ff245a85c1675f5c9a4 http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221 http://www.mandriva.com/security/advisories?name=MDVSA-2010:236 http://www.securitytracker.com/id?1024767 http://www.vupen.com/english/advisories/2010/3046 http://secunia.com/advisories/42314 http://www.ubuntu.com/usn/USN-1013-1 http://www.securityfocus.com/bid/44643 http://secunia.com/advisories/43138 http://www.debian.org/security/2011/dsa-2155 http://www.vupen.com/english/advisories/2011/0246 http://support.apple.com/kb/HT4581 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://secunia.com/advisories/48951 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221 https://usn.ubuntu.com/1013-1/https://nvd.nist.gov

CVE-2010-3814

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect