CVE-2010-2805Improper Input Validation in Freetype

CWE-20Improper Input Validation8 documents7 sources
Severity
6.8MEDIUMNVD
EPSS
5.6%
top 9.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
FreetypeApple Iphone OSApple MAC OS X+3 more
Timeline
PublishedAug 19
Latest updateMay 13

Description

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages6 packages

debiandebian/freetype< freetype 2.4.2-1 (bookworm)
NVDfreetype/freetype< 2.4.2
Debianfreetype/freetype< 2.4.2-1+3
NVDapple/tvos< 4.1.0
NVDapple/mac_os_x< 10.6.5

Also affects: Ubuntu Linux 10.04, 6.06, 8.04, 9.04, 9.10

Patches

Patch: git.savannah.gnu.orgPatch: marc.infoPatch: git.savannah.gnu.org

🔴Vulnerability Details

2
GHSA
GHSA-w5qw-jrjj-73c5: The FT_Stream_EnterFrame function in base/ftstream2022-05-13
OSV
CVE-2010-2805: The FT_Stream_EnterFrame function in base/ftstream2010-08-19

📋Vendor Advisories

3
Ubuntu
FreeType vulnerabilities2010-08-17
Red Hat
freetype: FT_Stream_EnterFrame() does not properly validate certain position values2010-08-04
Debian
CVE-2010-2805: freetype - The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 do...2010

💬Community

2
Bugzilla
CVE-2010-2808 CVE-2010-2806 CVE-2010-2805 CVE-2010-3311 freetype various flaws [fedora-all]2010-09-29
Bugzilla
CVE-2010-2805 freetype: FT_Stream_EnterFrame() does not properly validate certain position values2010-08-20