CVE-2010-2499 — Classic Buffer Overflow in Freetype

CWE-120 — Classic Buffer Overflow9 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

3.4%

top 12.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freetype Apple MAC OS X Debian Freetype +2 more

Timeline

PublishedAug 19

Latest updateMay 13

Description

Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/freetype< freetype 2.4.0-1 (bookworm)

▶NVDfreetype/freetype< 2.4.0

▶Debianfreetype/freetype< 2.4.0-1+3

▶NVDapple/mac_os_x< 10.6.5

Also affects: Debian Linux 5.0, Ubuntu Linux 10.04, 6.06, 8.04, 9.04, 9.10

Patches

Patch: git.savannah.gnu.org ↗Patch: git.savannah.gnu.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-3wpj-386x-fqr4: Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs↗2022-05-13

▶

OSV

CVE-2010-2499: Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs↗2010-08-19

▶

💥Exploits & PoCs

Exploit-DB

IBM Lotus Domino Sametime - 'STMux.exe' Remote Stack Buffer Overflow (Metasploit)↗2010-05-09

▶

📋Vendor Advisories

Ubuntu

FreeType vulnerabilities↗2010-07-20

▶

Red Hat

freetype: buffer overflow vulnerability↗2010-06-09

▶

Debian

CVE-2010-2499: freetype - Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeT...↗2010

▶

💬Community

Bugzilla

CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2541 freetype various flaws [fedora-all]↗2010-07-10

▶

Bugzilla

CVE-2010-2499 freetype: buffer overflow vulnerability↗2010-07-09

▶