ID CVE-2010-3054
Summary Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.
References
Vulnerable Configurations
  • cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.4.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 19-12-2012 - 04:30)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2010:0736
  • rhsa
    id RHSA-2010:0737
rpms
  • freetype-0:2.1.4-18.el3
  • freetype-debuginfo-0:2.1.4-18.el3
  • freetype-devel-0:2.1.4-18.el3
  • freetype-0:2.1.9-17.el4.8
  • freetype-0:2.2.1-28.el5_5
  • freetype-debuginfo-0:2.1.9-17.el4.8
  • freetype-debuginfo-0:2.2.1-28.el5_5
  • freetype-demos-0:2.1.9-17.el4.8
  • freetype-demos-0:2.2.1-28.el5_5
  • freetype-devel-0:2.1.9-17.el4.8
  • freetype-devel-0:2.2.1-28.el5_5
  • freetype-utils-0:2.1.9-17.el4.8
refmap via4
apple
  • APPLE-SA-2010-11-10-1
  • APPLE-SA-2010-11-22-1
bid 42621
confirm
secunia
  • 42314
  • 42317
  • 48951
suse SUSE-SR:2010:019
vupen
  • ADV-2010-3045
  • ADV-2010-3046
Last major update 19-12-2012 - 04:30
Published 19-08-2010 - 18:00
Last modified 19-12-2012 - 04:30
Back to Top