CVE-2010-2805

Published: Aug 19, 2010Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Affected (9)

Products: Freetype: Freetype · Canonical: Ubuntu Linux · Apple: Iphone Os, Mac Os X, Tvos

1 product

1 product

3 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Freetype Freetype	Before 2.4.2

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 8.04
Canonical Ubuntu Linux	Version 9.04
Canonical Ubuntu Linux	Version 9.10

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Before 4.2
Apple Mac Os X	Before 10.6.5
Apple Tvos	Before 4.1.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (46)

http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2

Source: secalert@redhat.com

Release NotesThird Party Advisory

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=45a3c76b547511fa9d97aca34b150a0663257375

Source: secalert@redhat.com

PatchThird Party Advisory

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://marc.info/?l=oss-security&m=128111955616772&w=2

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://secunia.com/advisories/40816

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/40982

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/42314

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/42317

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/48951

Source: secalert@redhat.com

Third Party Advisory

http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view

Source: secalert@redhat.com

Third Party Advisory

http://support.apple.com/kb/HT4435

Source: secalert@redhat.com

Broken Link

http://support.apple.com/kb/HT4456

Source: secalert@redhat.com

Third Party Advisory

http://support.apple.com/kb/HT4457

Source: secalert@redhat.com

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2010-0864.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/42285

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-972-1

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2010/2018

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2010/2106

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2010/3045

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2010/3046

Source: secalert@redhat.com

Third Party Advisory

https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019

Source: secalert@redhat.com

Issue TrackingRelease NotesThird Party Advisory

https://savannah.nongnu.org/bugs/?30644

Source: secalert@redhat.com

ExploitIssue TrackingThird Party Advisory

http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2