Back to search
CVE-2010-2806
Published: Aug 19, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2010-3045
vdb-entry
x_refsource_VUPEN
http://support.apple.com/kb/HT4435
x_refsource_CONFIRM
https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019
x_refsource_CONFIRM
http://support.apple.com/kb/HT4457
x_refsource_CONFIRM
ADV-2010-2018
vdb-entry
x_refsource_VUPEN
ADV-2010-3046
vdb-entry
x_refsource_VUPEN
RHSA-2010:0737
vendor-advisory
x_refsource_REDHAT
USN-972-1
vendor-advisory
x_refsource_UBUNTU
APPLE-SA-2010-11-10-1
vendor-advisory
x_refsource_APPLE
42317
third-party-advisory
x_refsource_SECUNIA
40816
third-party-advisory
x_refsource_SECUNIA
http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2
x_refsource_CONFIRM
https://savannah.nongnu.org/bugs/?30656
x_refsource_CONFIRM
42314
third-party-advisory
x_refsource_SECUNIA
http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view
x_refsource_CONFIRM
RHSA-2010:0864
vendor-advisory
x_refsource_REDHAT
40982
third-party-advisory
x_refsource_SECUNIA
ADV-2010-2106
vdb-entry
x_refsource_VUPEN
https://bugzilla.redhat.com/show_bug.cgi?id=621980
x_refsource_CONFIRM
http://support.apple.com/kb/HT4456
x_refsource_CONFIRM
42285
vdb-entry
x_refsource_BID
APPLE-SA-2010-11-22-1
vendor-advisory
x_refsource_APPLE
RHSA-2010:0736
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now