certfr_avis - certa-2010-avi-360

CERTA-2010-AVI-360

Vulnerability from certfr_avis

Une vulnérabilité dans le lecteur PDF Foxit Reader permet à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Le lecteur Foxit Reader utilise du code FreeType vulnérable lors du traitement de certaines fontes de caractères. L'exploitation de la vulnérabilité permet à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Solution

La version Foxit Reader 4.1.1 remédie à ce problème.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Foxit Reader 4.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

CVE-2010-1797 (GCVE-0-2010-1797)

Vulnerability from cvelistv5

Published

2010-08-16 18:25

Modified

2024-08-07 01:35

Severity ?

CWE

Summary

Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.

References

URL

Tags

	http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=621144	x_refsource_CONFIRM
	http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc	x_refsource_CONFIRM
	http://www.exploit-db.com/exploits/14538	exploit, x_refsource_EXPLOIT-DB
	https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/2018	vdb-entry, x_refsource_VUPEN
	http://osvdb.org/66828	vdb-entry, x_refsource_OSVDB
	http://www.f-secure.com/weblog/archives/00002002.html	x_refsource_MISC
	http://www.ubuntu.com/usn/USN-972-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html	vendor-advisory, x_refsource_APPLE
	http://secunia.com/advisories/40816	third-party-advisory, x_refsource_SECUNIA
	http://support.apple.com/kb/HT4292	x_refsource_CONFIRM
	http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2	x_refsource_CONFIRM
	http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/42151	vdb-entry, x_refsource_BID
	http://support.apple.com/kb/HT4291	x_refsource_CONFIRM
	http://secunia.com/advisories/40982	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/2106	vdb-entry, x_refsource_VUPEN
	http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html	vendor-advisory, x_refsource_APPLE
	http://secunia.com/advisories/48951	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/60856	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/40807	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:35:53.632Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=621144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc"
          },
          {
            "name": "14538",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/14538"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019"
          },
          {
            "name": "ADV-2010-2018",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2018"
          },
          {
            "name": "66828",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/66828"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.f-secure.com/weblog/archives/00002002.html"
          },
          {
            "name": "USN-972-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-972-1"
          },
          {
            "name": "APPLE-SA-2010-08-11-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html"
          },
          {
            "name": "40816",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40816"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4292"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view"
          },
          {
            "name": "42151",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/42151"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4291"
          },
          {
            "name": "40982",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40982"
          },
          {
            "name": "ADV-2010-2106",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2106"
          },
          {
            "name": "APPLE-SA-2010-08-11-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html"
          },
          {
            "name": "48951",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48951"
          },
          {
            "name": "appleios-pdf-code-execution(60856)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60856"
          },
          {
            "name": "40807",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40807"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=621144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc"
        },
        {
          "name": "14538",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/14538"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019"
        },
        {
          "name": "ADV-2010-2018",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2018"
        },
        {
          "name": "66828",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/66828"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.f-secure.com/weblog/archives/00002002.html"
        },
        {
          "name": "USN-972-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-972-1"
        },
        {
          "name": "APPLE-SA-2010-08-11-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html"
        },
        {
          "name": "40816",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40816"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4292"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view"
        },
        {
          "name": "42151",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/42151"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4291"
        },
        {
          "name": "40982",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40982"
        },
        {
          "name": "ADV-2010-2106",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2106"
        },
        {
          "name": "APPLE-SA-2010-08-11-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html"
        },
        {
          "name": "48951",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48951"
        },
        {
          "name": "appleios-pdf-code-execution(60856)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60856"
        },
        {
          "name": "40807",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40807"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-1797",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50",
              "refsource": "CONFIRM",
              "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=621144",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=621144"
            },
            {
              "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc",
              "refsource": "CONFIRM",
              "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc"
            },
            {
              "name": "14538",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/14538"
            },
            {
              "name": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019"
            },
            {
              "name": "ADV-2010-2018",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2018"
            },
            {
              "name": "66828",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/66828"
            },
            {
              "name": "http://www.f-secure.com/weblog/archives/00002002.html",
              "refsource": "MISC",
              "url": "http://www.f-secure.com/weblog/archives/00002002.html"
            },
            {
              "name": "USN-972-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-972-1"
            },
            {
              "name": "APPLE-SA-2010-08-11-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html"
            },
            {
              "name": "40816",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40816"
            },
            {
              "name": "http://support.apple.com/kb/HT4292",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4292"
            },
            {
              "name": "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2",
              "refsource": "CONFIRM",
              "url": "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2"
            },
            {
              "name": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view"
            },
            {
              "name": "42151",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/42151"
            },
            {
              "name": "http://support.apple.com/kb/HT4291",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4291"
            },
            {
              "name": "40982",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40982"
            },
            {
              "name": "ADV-2010-2106",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2106"
            },
            {
              "name": "APPLE-SA-2010-08-11-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html"
            },
            {
              "name": "48951",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48951"
            },
            {
              "name": "appleios-pdf-code-execution(60856)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60856"
            },
            {
              "name": "40807",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40807"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2010-1797",
    "datePublished": "2010-08-16T18:25:00",
    "dateReserved": "2010-05-06T00:00:00",
    "dateUpdated": "2024-08-07T01:35:53.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted