CVE-2010-2806Improper Validation of Array Index in Freetype

CWE-129Improper Validation of Array IndexCWE-122Heap-based Buffer Overflow9 documents7 sources
Severity
6.8MEDIUMNVD
EPSS
9.4%
top 7.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
FreetypeApple Iphone OSApple MAC OS X+3 more
Timeline
PublishedAug 19
Latest updateMay 13

Description

Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages6 packages

debiandebian/freetype< freetype 2.4.2-1 (bookworm)
NVDfreetype/freetype< 2.4.2
Debianfreetype/freetype< 2.4.2-1+3
NVDapple/tvos< 4.1.0
NVDapple/mac_os_x< 10.6.5

Also affects: Ubuntu Linux 10.04, 6.06, 8.04, 9.04, 9.10

Patches

Patch: git.savannah.gnu.orgPatch: marc.infoPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-69qg-rxrw-rwrh: Array index error in the t42_parse_sfnts function in type42/t42parse2022-05-13
OSV
CVE-2010-2806: Array index error in the t42_parse_sfnts function in type42/t42parse2010-08-19

📋Vendor Advisories

3
Ubuntu
FreeType vulnerabilities2010-08-17
Red Hat
FreeType: Heap-based buffer overflow by processing FontType42 fonts with negative length of SFNT strings (FT bug #30656)2010-08-05
Debian
CVE-2010-2806: freetype - Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeTy...2010

💬Community

3
Bugzilla
CVE-2010-2808 CVE-2010-2806 CVE-2010-2805 CVE-2010-3311 freetype various flaws [fedora-all]2010-09-29
Bugzilla
CVE-2010-2806 FreeType: Heap-based buffer overflow by processing FontType42 fonts with negative length of SFNT strings (FT bug #30656)2010-08-06
Bugzilla
CVE-2010-1797 CVE-2010-2806 freetype various flaws [fedora-all]2010-08-05