CVE-2010-2500 — Integer Overflow or Wraparound in Freetype

CWE-190 — Integer Overflow or Wraparound8 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

2.6%

top 14.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freetype Apple MAC OS X Debian Freetype +2 more

Timeline

PublishedAug 19

Latest updateMay 13

Description

Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/freetype< freetype 2.4.0-1 (bookworm)

▶NVDfreetype/freetype< 2.4.0

▶Debianfreetype/freetype< 2.4.0-1+3

▶NVDapple/mac_os_x< 10.6.5

Also affects: Debian Linux 5.0, Ubuntu Linux 10.04, 6.06, 8.04, 9.04, 9.10

Patches

Patch: git.savannah.gnu.org ↗Patch: bugzilla.redhat.com ↗Patch: git.savannah.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-2f5q-9jjp-h29j: Integer overflow in the gray_render_span function in smooth/ftgrays↗2022-05-13

▶

OSV

CVE-2010-2500: Integer overflow in the gray_render_span function in smooth/ftgrays↗2010-08-19

▶

📋Vendor Advisories

Ubuntu

FreeType vulnerabilities↗2010-07-20

▶

Red Hat

freetype: integer overflow vulnerability in smooth/ftgrays.c↗2010-06-09

▶

Debian

CVE-2010-2500: freetype - Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeTyp...↗2010

▶

💬Community

Bugzilla

CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2541 freetype various flaws [fedora-all]↗2010-07-10

▶

Bugzilla

CVE-2010-2500 freetype: integer overflow vulnerability in smooth/ftgrays.c↗2010-07-09

▶