CVE-2010-2497 — Integer Underflow (Wrap or Wraparound) in Freetype

CWE-191 — Integer Underflow (Wrap or Wraparound)CWE-190 — Integer Overflow or Wraparound CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

2.1%

top 15.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freetype Apple MAC OS X Debian Freetype +1 more

Timeline

PublishedAug 19

Latest updateMay 13

Description

Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/freetype< freetype 2.4.0-1 (bookworm)

▶NVDfreetype/freetype< 2.4.0

▶Debianfreetype/freetype< 2.4.0-1+3

▶NVDapple/mac_os_x< 10.6.5

Also affects: Debian Linux 5.0

Patches

Patch: git.savannah.gnu.org ↗Patch: bugzilla.redhat.com ↗Patch: git.savannah.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-5f9p-3w99-9cj2: Integer underflow in glyph handling in FreeType before 2↗2022-05-13

▶

OSV

CVE-2010-2497: Integer underflow in glyph handling in FreeType before 2↗2010-08-19

▶

📋Vendor Advisories

Red Hat

freetype: integer underflow vulnerability↗2010-06-09

▶

Debian

CVE-2010-2497: freetype - Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attac...↗2010

▶

💬Community

Bugzilla

CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2541 freetype various flaws [fedora-all]↗2010-07-10

▶

Bugzilla

CVE-2010-2497 freetype: integer underflow vulnerability↗2010-07-09

▶