CVE-2010-2807 — MEDIUM (6.8)

Q: How severe is CVE-2010-2807?

CVE-2010-2807 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-2807?

Check the references section above for vendor advisories and patch information. Affected products include: Freetype Freetype, Canonical Ubuntu Linux, Apple Iphone Os, Apple Mac Os X, Apple Tvos.

Vulnerability Description

FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Freetype	Freetype	< 2.4.2
Canonical	Ubuntu Linux	6.06
Apple	Iphone Os	< 4.2
Apple	Mac Os X	< 10.6.5
Apple	Tvos	< 4.1.0

Related Weaknesses (CWE)

CWE-681

References

http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2Release NotesThird Party Advisory
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=346f1867fd32dPatchThird Party Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlMailing ListThird Party Advisory
http://marc.info/?l=oss-security&m=128111955616772&w=2Mailing ListPatchThird Party Advisory
http://secunia.com/advisories/40816Third Party Advisory
http://secunia.com/advisories/40982Third Party Advisory
http://secunia.com/advisories/42314Third Party Advisory
http://secunia.com/advisories/42317Third Party Advisory
http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/viewProductThird Party Advisory
http://support.apple.com/kb/HT4435Broken Link
http://support.apple.com/kb/HT4456Third Party Advisory
http://support.apple.com/kb/HT4457Third Party Advisory
http://www.securityfocus.com/bid/42285Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-972-1Third Party Advisory

FAQ

What is CVE-2010-2807?

CVE-2010-2807 is a vulnerability with a CVSS score of 6.8 (MEDIUM). FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ...

How severe is CVE-2010-2807?

CVE-2010-2807 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-2807?

Check the references section above for vendor advisories and patch information. Affected products include: Freetype Freetype, Canonical Ubuntu Linux, Apple Iphone Os, Apple Mac Os X, Apple Tvos.