CVE-2010-2498Out-of-bounds Write in Freetype

CWE-787Out-of-bounds Write8 documents7 sources
Severity
6.8MEDIUMNVD
EPSS
2.6%
top 14.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
FreetypeApple MAC OS XDebian Freetype+2 more
Timeline
PublishedAug 19
Latest updateMay 13

Description

The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

debiandebian/freetype< freetype 2.4.0-1 (bookworm)
NVDfreetype/freetype< 2.4.0
Debianfreetype/freetype< 2.4.0-1+3
NVDapple/mac_os_x< 10.6.5

Also affects: Debian Linux 5.0, Ubuntu Linux 10.04, 6.06, 8.04, 9.04, 9.10

Patches

Patch: git.savannah.gnu.orgPatch: bugzilla.redhat.comPatch: git.savannah.gnu.org

🔴Vulnerability Details

2
GHSA
GHSA-73vq-553q-pmh8: The psh_glyph_find_strong_points function in pshinter/pshalgo2022-05-13
OSV
CVE-2010-2498: The psh_glyph_find_strong_points function in pshinter/pshalgo2010-08-19

📋Vendor Advisories

3
Ubuntu
FreeType vulnerabilities2010-07-20
Red Hat
freetype: invalid free vulnerability with possible heap corruption2010-06-09
Debian
CVE-2010-2498: freetype - The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType befo...2010

💬Community

2
Bugzilla
CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2541 freetype various flaws [fedora-all]2010-07-10
Bugzilla
CVE-2010-2498 freetype: invalid free vulnerability with possible heap corruption2010-07-09