Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2010-3855

Published: 26/11/2010 Updated: 13/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Freetype

Vulnerability Summary

Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and previous versions allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

freetype freetype 2.4.0

freetype freetype 2.4.2

freetype freetype 2.3.6

freetype freetype 2.1.9

freetype freetype 2.1.10

freetype freetype 2.3.4

freetype freetype 2.3.5

freetype freetype 2.1

freetype freetype 2.1.5

freetype freetype 2.3.10

freetype freetype 1.3.1

freetype freetype 2.1.8

freetype freetype 2.2.10

freetype freetype 2.2.1

freetype freetype 2.1.3

freetype freetype 2.3.3

freetype freetype 2.1.6

freetype freetype 2.3.0

freetype freetype 2.3.1

freetype freetype

freetype freetype 2.4.1

freetype freetype 2.0.9

freetype freetype 2.3.7

freetype freetype 2.0.6

freetype freetype 2.3.8

freetype freetype 2.3.11

freetype freetype 2.3.2

freetype freetype 2.3.12

freetype freetype 2.3.9

freetype freetype 2.1.7

freetype freetype 2.1.4

freetype freetype 2.2.0

Vendor Advisories

Debian CVElist Bug Report Logs: freetype: CVE-2010-3855 and CVE-2010-3814
Debian Bug report logs - #602221 freetype: CVE-2010-3855 and CVE-2010-3814 Package: freetype; Maintainer for freetype is Hugh McMaster <hughmcmaster@outlookcom>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Tue, 2 Nov 2010 17:06:02 UTC Severity: grave Tags: security Fixed in version freetype/ ...
Ubuntu Security Notice: freetype vulnerabilities
Marc Schoenefeld discovered that FreeType did not correctly handle certain malformed font files If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges This issue only affected Ubuntu 606 LTS, 804 LTS, 910 and 1004 LTS (CVE-2010-3 ...
Debian Security Advisories: DSA-2155-1 freetype -- several vulnerabilities
Two buffer overflows were found in the Freetype font library, which could lead to the execution of arbitrary code For the stable distribution (lenny), this problem has been fixed in version 237-2+lenny5 For the testing distribution (squeeze), this problem has been fixed in version 242-21 For the unstable distribution (sid), this problem has ...

References

CWE-119http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=59eb9f8cfe7d1df379a2318316d1f04f80fba54ahttps://savannah.nongnu.org/bugs/?31310http://www.mandriva.com/security/advisories?name=MDVSA-2010:236http://www.redhat.com/support/errata/RHSA-2010-0889.htmlhttp://secunia.com/advisories/42295http://www.mandriva.com/security/advisories?name=MDVSA-2010:235http://secunia.com/advisories/42289http://www.securitytracker.com/id?1024745http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051251.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/051231.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/050965.htmlhttp://www.vupen.com/english/advisories/2010/3037http://www.ubuntu.com/usn/USN-1013-1http://secunia.com/advisories/43138http://www.vupen.com/english/advisories/2011/0246http://www.debian.org/security/2011/dsa-2155http://support.avaya.com/css/P8/documents/100122733http://www.securityfocus.com/bid/44214http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.htmlhttp://support.apple.com/kb/HT4564http://support.apple.com/kb/HT4565http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.htmlhttp://support.apple.com/kb/HT4581http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.htmlhttp://support.apple.com/kb/HT4802http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2011//Jul/msg00000.htmlhttp://support.apple.com/kb/HT4803http://secunia.com/advisories/48951https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221https://usn.ubuntu.com/1013-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook