ID CVE-2010-3311
Summary Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.
References
Vulnerable Configurations
  • cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.8:rc1:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.8:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.0:beta3:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.0:beta4:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.1:-:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.1:-:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.2:-:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.2:-:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.3:-:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.3:-:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.3:rc2:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.3:rc3:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.3:rc3:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.4:-:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.4:-:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.4:rc2:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.4:rc2:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.5:-:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.5:-:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.5:rc1:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.5:rc2:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.5:rc2:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.8:-:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.8:-:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.8_rc1:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.8_rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.2.0:-:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.2.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.2.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.2.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.2.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.2.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.2.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.0:-:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 26-01-2021 - 12:41)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • bugzilla
    id 625632
    title calls
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • comment freetype is earlier than 0:2.1.9-17.el4.8
            oval oval:com.redhat.rhsa:tst:20100737001
          • comment freetype is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060500002
        • AND
          • comment freetype-demos is earlier than 0:2.1.9-17.el4.8
            oval oval:com.redhat.rhsa:tst:20100737003
          • comment freetype-demos is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060500004
        • AND
          • comment freetype-devel is earlier than 0:2.1.9-17.el4.8
            oval oval:com.redhat.rhsa:tst:20100737005
          • comment freetype-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060500006
        • AND
          • comment freetype-utils is earlier than 0:2.1.9-17.el4.8
            oval oval:com.redhat.rhsa:tst:20100737007
          • comment freetype-utils is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060500008
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment freetype is earlier than 0:2.2.1-28.el5_5
            oval oval:com.redhat.rhsa:tst:20100737010
          • comment freetype is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070150011
        • AND
          • comment freetype-demos is earlier than 0:2.2.1-28.el5_5
            oval oval:com.redhat.rhsa:tst:20100737012
          • comment freetype-demos is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070150013
        • AND
          • comment freetype-devel is earlier than 0:2.2.1-28.el5_5
            oval oval:com.redhat.rhsa:tst:20100737014
          • comment freetype-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070150015
    rhsa
    id RHSA-2010:0737
    released 2010-10-04
    severity Important
    title RHSA-2010:0737: freetype security update (Important)
  • bugzilla
    id 625626
    title CVE-2010-2805 freetype: FT_Stream_EnterFrame() does not properly validate certain position values
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment freetype is earlier than 0:2.3.11-6.el6_0.1
            oval oval:com.redhat.rhsa:tst:20100864001
          • comment freetype is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100864002
        • AND
          • comment freetype-demos is earlier than 0:2.3.11-6.el6_0.1
            oval oval:com.redhat.rhsa:tst:20100864003
          • comment freetype-demos is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100864004
        • AND
          • comment freetype-devel is earlier than 0:2.3.11-6.el6_0.1
            oval oval:com.redhat.rhsa:tst:20100864005
          • comment freetype-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100864006
    rhsa
    id RHSA-2010:0864
    released 2010-11-10
    severity Important
    title RHSA-2010:0864: freetype security update (Important)
  • rhsa
    id RHSA-2010:0736
rpms
  • freetype-0:2.1.4-18.el3
  • freetype-debuginfo-0:2.1.4-18.el3
  • freetype-devel-0:2.1.4-18.el3
  • freetype-0:2.1.9-17.el4.8
  • freetype-0:2.2.1-28.el5_5
  • freetype-debuginfo-0:2.1.9-17.el4.8
  • freetype-debuginfo-0:2.2.1-28.el5_5
  • freetype-demos-0:2.1.9-17.el4.8
  • freetype-demos-0:2.2.1-28.el5_5
  • freetype-devel-0:2.1.9-17.el4.8
  • freetype-devel-0:2.2.1-28.el5_5
  • freetype-utils-0:2.1.9-17.el4.8
  • freetype-0:2.3.11-6.el6_0.1
  • freetype-debuginfo-0:2.3.11-6.el6_0.1
  • freetype-demos-0:2.3.11-6.el6_0.1
  • freetype-devel-0:2.3.11-6.el6_0.1
refmap via4
bid 43700
confirm https://bugzilla.redhat.com/show_bug.cgi?id=623625
debian DSA-2116
mandriva MDVSA-2010:201
secunia 48951
suse SUSE-SR:2010:019
ubuntu USN-1013-1
Last major update 26-01-2021 - 12:41
Published 07-01-2011 - 23:00
Last modified 26-01-2021 - 12:41
Back to Top