Back to search
CVE-2010-2805
Published: Aug 19, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2010-3045
vdb-entry
x_refsource_VUPEN
http://support.apple.com/kb/HT4435
x_refsource_CONFIRM
https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019
x_refsource_CONFIRM
http://support.apple.com/kb/HT4457
x_refsource_CONFIRM
ADV-2010-2018
vdb-entry
x_refsource_VUPEN
ADV-2010-3046
vdb-entry
x_refsource_VUPEN
USN-972-1
vendor-advisory
x_refsource_UBUNTU
APPLE-SA-2010-11-10-1
vendor-advisory
x_refsource_APPLE
42317
third-party-advisory
x_refsource_SECUNIA
40816
third-party-advisory
x_refsource_SECUNIA
http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2
x_refsource_CONFIRM
42314
third-party-advisory
x_refsource_SECUNIA
http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view
x_refsource_CONFIRM
RHSA-2010:0864
vendor-advisory
x_refsource_REDHAT
40982
third-party-advisory
x_refsource_SECUNIA
ADV-2010-2106
vdb-entry
x_refsource_VUPEN
http://support.apple.com/kb/HT4456
x_refsource_CONFIRM
48951
third-party-advisory
x_refsource_SECUNIA
https://savannah.nongnu.org/bugs/?30644
x_refsource_CONFIRM
42285
vdb-entry
x_refsource_BID
APPLE-SA-2010-11-22-1
vendor-advisory
x_refsource_APPLE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now