cve-2010-3053
Vulnerability from cvelistv5
Published
2010-08-19 17:43
Modified
2024-08-07 02:55
Severity ?
EPSS score ?
Summary
bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:55:46.533Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2010-3045", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3045" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4435" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4457" }, { "name": "ADV-2010-3046", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3046" }, { "name": "APPLE-SA-2010-11-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "42317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42317" }, { "name": "42314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42314" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4456" }, { "name": "48951", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48951" }, { "name": "SUSE-SR:2010:019", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" }, { "name": "APPLE-SA-2010-11-22-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-08-17T00:00:00", "descriptions": [ { "lang": "en", "value": "bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-11-18T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2010-3045", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3045" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4435" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4457" }, { "name": "ADV-2010-3046", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3046" }, { "name": "APPLE-SA-2010-11-10-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "42317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42317" }, { "name": "42314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42314" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4456" }, { "name": "48951", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48951" }, { "name": "SUSE-SR:2010:019", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" }, { "name": "APPLE-SA-2010-11-22-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3053", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2010-3045", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3045" }, { "name": "http://support.apple.com/kb/HT4435", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4435" }, { "name": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019" }, { "name": "http://support.apple.com/kb/HT4457", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4457" }, { "name": "ADV-2010-3046", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3046" }, { "name": "APPLE-SA-2010-11-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" }, { "name": "42317", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42317" }, { "name": "42314", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42314" }, { "name": "http://support.apple.com/kb/HT4456", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4456" }, { "name": "48951", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48951" }, { "name": "SUSE-SR:2010:019", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" }, { "name": "APPLE-SA-2010-11-22-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3053", "datePublished": "2010-08-19T17:43:00", "dateReserved": "2010-08-19T00:00:00", "dateUpdated": "2024-08-07T02:55:46.533Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2010-3053\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-08-19T18:00:06.453\",\"lastModified\":\"2024-11-21T01:17:56.400\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.\"},{\"lang\":\"es\",\"value\":\"bdf/bdflib.c en FreeType en versiones anteriores a la 2.4.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante una fichero de fuentes BDF modificado, relacionado con un intento de modificaci\u00f3n de un valor en una cadena est\u00e1tica.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.4.1\",\"matchCriteriaId\":\"462D9B4F-23B3-4EEC-8E15-A6756D36EEA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"888C3BB8-510B-4FBE-BA5D-0D488583C7DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B126D1A0-6B54-4C56-8CEC-B395D54A5C3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28CA4C7D-D70A-44CF-8E3D-F2612CCA0799\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4E76672-7216-443E-BBD8-120DA96F7E4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"369D87D8-E4A7-4EC4-B508-2940EE174F95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"288FDB59-7FE4-4351-8822-554ADF07C79A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B681257A-F8D8-46D5-995D-BC44F54DD5C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56E0DEB6-4414-49AB-88E9-988CE5D8EF67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56A90D08-2CAF-422F-8587-7D88EC7632A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B944FEB-F69D-4F6C-9485-26F95A5874B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F73474B9-6853-4C5C-9CB9-5F4D3080D1C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5283E910-D512-481C-804E-8717A83B24CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A28C0F7A-F1F3-4F3B-81B9-228DA8FCCCD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7252819-BA8A-4BD1-BAAA-179A8777C994\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B4450B4-B21F-4153-B9DD-C36A2381F00D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11575E3C-2BEA-4264-AE41-4A962BD17035\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D333A965-EAD2-40DB-8FBE-C4C7DF44C35C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CA37666-D2E6-47EF-BFFE-A9449D6A72CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2B49505-C973-4673-A9BC-34ACA25059D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8E8ECCA-58F2-4A05-8DF2-79C09A5FB275\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8697D11D-BBDF-4722-85F7-5144A5D26E37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50E3EDA8-04D1-4DF1-80BB-72C6003E8F53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB06CA25-BB25-43B8-9FC2-62C399CC52EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AF7414E-33A7-40E2-AEF0-1AE9D7D1B077\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FC0BD12-E065-4CC9-8AEE-E4C34A58EC3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"214DC64B-BA35-486B-AE30-F2D9381E4D26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7CDE19A-473A-4BC5-AA7B-3D08FEEEE82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD8401A8-A328-49F6-BAE8-337F5F36C906\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FBF5BAA-8027-478F-BE06-3D3F4F823C7B\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/42314\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/42317\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/48951\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT4435\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT4456\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT4457\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3045\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3046\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42314\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42317\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/48951\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4435\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4457\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3045\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3046\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.