CVE-2010-4259
published 2010-12-07CVE-2010-4259: Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code…
PriorityP338medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
10.85%
95.3th percentile
Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alexej_kryukov | fontforge | — | — |
| debian | fontforge | < fontforge 0.0.20100501-4 (bookworm) | fontforge 0.0.20100501-4 (bookworm) |
| fontforge | fontforge | >= 0 < 0.0.20100501-4 | 0.0.20100501-4 |
| fontforge | fontforge | >= 0 < 0.0.20100501-4 | 0.0.20100501-4 |
| fontforge | fontforge | >= 0 < 0.0.20100501-4 | 0.0.20100501-4 |
| fontforge | fontforge | >= 0 < 0.0.20100501-4 | 0.0.20100501-4 |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8MEDIUM
vendor_redhat6.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header
vendor_redhat·2010-12-01·CVSS 6.8
CVE-2010-4259 [MEDIUM] CWE-121 FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header
FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header
Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file.
Statement: This issue affects the version of the fontforge package as shipped with
Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated
this issue as having low security impact, a future update may address
this flaw.
Package: fontforge (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2010-4259: fontforge - Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cau...
vendor_debian·2010·CVSS 6.8
CVE-2010-4259 [MEDIUM] CVE-2010-4259: fontforge - Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cau...
Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file.
Scope: local
bookworm: resolved (fixed in 0.0.20100501-4)
bullseye: resolved (fixed in 0.0.20100501-4)
forky: resolved (fixed in 0.0.20100501-4)
sid: resolved (fixed in 0.0.20100501-4)
trixie: resolved (fixed in 0.0.20100501-4)
GHSA
GHSA-5g26-3q47-628q: Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitra
ghsa_unreviewed·2022-05-17
CVE-2010-4259 [MEDIUM] CWE-119 GHSA-5g26-3q47-628q: Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitra
Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file.
OSV
CVE-2010-4259: Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitra
osv·2010-12-07·CVSS 6.8
CVE-2010-4259 [MEDIUM] CVE-2010-4259: Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitra
Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file.
No detection rules found.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605537http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052201.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-December/052219.htmlhttp://openwall.com/lists/oss-security/2010/12/02/5http://openwall.com/lists/oss-security/2010/12/02/8http://secunia.com/advisories/42577http://www.debian.org/security/2011/dsa-2253http://www.exploit-db.com/exploits/15732http://www.securityfocus.com/bid/45162http://www.vupen.com/english/advisories/2010/3200https://bugzilla.redhat.com/show_bug.cgi?id=659359http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605537http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052201.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-December/052219.htmlhttp://openwall.com/lists/oss-security/2010/12/02/5http://openwall.com/lists/oss-security/2010/12/02/8http://secunia.com/advisories/42577http://www.debian.org/security/2011/dsa-2253http://www.exploit-db.com/exploits/15732http://www.securityfocus.com/bid/45162http://www.vupen.com/english/advisories/2010/3200https://bugzilla.redhat.com/show_bug.cgi?id=659359
2010-12-07
Published