CVE-2010-2520Out-of-bounds Write in Freetype

CWE-787Out-of-bounds WriteCWE-228Improper Handling of Syntactically Invalid StructureCWE-122Heap-based Buffer Overflow9 documents8 sources
Severity
5.1MEDIUMNVD
EPSS
3.2%
top 13.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
FreetypeApple MAC OS XDebian Freetype+2 more
Timeline
PublishedAug 19
Latest updateMay 13

Description

Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages4 packages

debiandebian/freetype< freetype 2.4.0-1 (bookworm)
NVDfreetype/freetype< 2.4.0
Debianfreetype/freetype< 2.4.0-1+3
NVDapple/mac_os_x< 10.6.5

Also affects: Debian Linux 5.0, Ubuntu Linux 10.04, 6.06, 8.04, 9.04, 9.10

Patches

Patch: git.savannah.gnu.orgPatch: bugzilla.redhat.comPatch: git.savannah.gnu.org

🔴Vulnerability Details

2
GHSA
GHSA-hfjf-652v-fg9x: Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp2022-05-13
OSV
CVE-2010-2520: Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp2010-08-19

💥Exploits & PoCs

1
Exploit-DB
Microsoft Office 2007 - BIFFRecord Length Use-After-Free2015-09-16

📋Vendor Advisories

3
Ubuntu
FreeType vulnerabilities2010-07-20
Red Hat
freetype: heap buffer overflow vulnerability in truetype bytecode support2010-06-09
Debian
CVE-2010-2520: freetype - Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in Fre...2010

💬Community

2
Bugzilla
CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2541 freetype various flaws [fedora-all]2010-07-10
Bugzilla
CVE-2010-2520 freetype: heap buffer overflow vulnerability in truetype bytecode support2010-07-10