CVE-2010-1797

critical

Description

Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/60856

https://bugzilla.redhat.com/show_bug.cgi?id=621144

https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019

http://www.vupen.com/english/advisories/2010/2106

http://www.vupen.com/english/advisories/2010/2018

http://www.ubuntu.com/usn/USN-972-1

http://www.f-secure.com/weblog/archives/00002002.html

http://support.apple.com/kb/HT4292

http://support.apple.com/kb/HT4291

http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view

http://secunia.com/advisories/48951

http://secunia.com/advisories/40982

http://secunia.com/advisories/40816

http://secunia.com/advisories/40807

http://osvdb.org/66828

http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html

http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50

http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2

Details

Source: Mitre, NVD

Published: 2010-08-16

Updated: 2021-05-23

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical