CVE-2010-3053

Published: Aug 19, 2010Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.

Affected (30)

Products: Freetype: Freetype

1 product

Configuration A

30 vulnerable

Vulnerable Software	Affected Versions
Freetype Freetype	Up to 2.4.1
Freetype Freetype	Version 1.3.1
Freetype Freetype	Version 2.0.6
Freetype Freetype	Version 2.0.9
Freetype Freetype	Version 2.1.10
Freetype Freetype	Version 2.1.3
Freetype Freetype	Version 2.1.4
Freetype Freetype	Version 2.1.5
Freetype Freetype	Version 2.1.6
Freetype Freetype	Version 2.1.7
Freetype Freetype	Version 2.1.8
Freetype Freetype	Version 2.1.9
Freetype Freetype	Version 2.1
Freetype Freetype	Version 2.2.0
Freetype Freetype	Version 2.2.10
Freetype Freetype	Version 2.2.1
Freetype Freetype	Version 2.3.0
Freetype Freetype	Version 2.3.10
Freetype Freetype	Version 2.3.11
Freetype Freetype	Version 2.3.12
Freetype Freetype	Version 2.3.1
Freetype Freetype	Version 2.3.2
Freetype Freetype	Version 2.3.3
Freetype Freetype	Version 2.3.4
Freetype Freetype	Version 2.3.5
Freetype Freetype	Version 2.3.6
Freetype Freetype	Version 2.3.7
Freetype Freetype	Version 2.3.8
Freetype Freetype	Version 2.3.9
Freetype Freetype	Version 2.4.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (24)

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

Source: cve@mitre.org

http://secunia.com/advisories/42314

Source: cve@mitre.org

http://secunia.com/advisories/42317

Source: cve@mitre.org

http://secunia.com/advisories/48951

Source: cve@mitre.org

http://support.apple.com/kb/HT4435

Source: cve@mitre.org

http://support.apple.com/kb/HT4456

Source: cve@mitre.org

http://support.apple.com/kb/HT4457

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2010/3045

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2010/3046

Source: cve@mitre.org

https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/42314

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/42317

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/48951

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4435

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4456

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4457

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/3045

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/3046

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.