CVE-2010-1797

HIGH

Description

Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.

References

http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc

http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html

http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html

http://osvdb.org/66828

http://secunia.com/advisories/40807

http://secunia.com/advisories/40816

http://secunia.com/advisories/40982

http://secunia.com/advisories/48951

http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view

http://support.apple.com/kb/HT4291

http://support.apple.com/kb/HT4292

http://www.exploit-db.com/exploits/14538

http://www.f-secure.com/weblog/archives/00002002.html

http://www.securityfocus.com/bid/42151

http://www.ubuntu.com/usn/USN-972-1

http://www.vupen.com/english/advisories/2010/2018

http://www.vupen.com/english/advisories/2010/2106

https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019

https://bugzilla.redhat.com/show_bug.cgi?id=621144

https://exchange.xforce.ibmcloud.com/vulnerabilities/60856

Details

Source: MITRE

Published: 2010-08-16

Updated: 2019-09-26

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH