CVE-2010-2500

MEDIUM

Description

Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

References

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6305b869d86ff415a33576df6d43729673c66eee

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html

http://marc.info/?l=oss-security&m=127905701201340&w=2

http://marc.info/?l=oss-security&m=127909326909362&w=2

http://secunia.com/advisories/48951

http://securitytracker.com/id?1024266

http://support.apple.com/kb/HT4435

http://www.debian.org/security/2010/dsa-2070

http://www.mandriva.com/security/advisories?name=MDVSA-2010:137

http://www.redhat.com/support/errata/RHSA-2010-0577.html

http://www.redhat.com/support/errata/RHSA-2010-0578.html

http://www.ubuntu.com/usn/USN-963-1

https://bugzilla.redhat.com/show_bug.cgi?id=613167

https://savannah.nongnu.org/bugs/?30263

Details

Source: MITRE

Published: 2010-08-19

Updated: 2012-12-19

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1.8_rc1:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.2:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* versions up to 2.3.12 (inclusive)

Tenable Plugins

View all (24 total)

ID	Name	Product	Family	Severity
75578	openSUSE Security Update : libfreetype6 (openSUSE-SU-2010:0549-1)	Nessus	SuSE Local Security Checks	high
68075	Oracle Linux 4 / 5 : freetype (ELSA-2010-0578)	Nessus	Oracle Linux Local Security Checks	medium
68074	Oracle Linux 3 : freetype (ELSA-2010-0577)	Nessus	Oracle Linux Local Security Checks	medium
60826	Scientific Linux Security Update : freetype on SL3	Nessus	Scientific Linux Local Security Checks	medium
60825	Scientific Linux Security Update : freetype for SL4 , SL5	Nessus	Scientific Linux Local Security Checks	medium
57651	GLSA-201201-09 : FreeType: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
50905	SuSE 11 / 11.1 Security Update : freetype2 (SAT Patch Numbers 2914 / 2919)	Nessus	SuSE Local Security Checks	high
800791	Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities	Log Correlation Engine	Operating System Detection	high
5705	Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities	Nessus Network Monitor	Generic	critical
50549	Mac OS X Multiple Vulnerabilities (Security Update 2010-007)	Nessus	MacOS X Local Security Checks	high
50548	Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
50437	Fedora 12 : freetype-2.3.11-6.fc12 (2010-15785)	Nessus	Fedora Local Security Checks	high
50026	Fedora 13 : freetype-2.3.11-6.fc13 (2010-15705)	Nessus	Fedora Local Security Checks	high
49854	SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7121)	Nessus	SuSE Local Security Checks	high
48900	SuSE9 Security Update : freetype2 (YOU Patch Number 12630)	Nessus	SuSE Local Security Checks	high
48755	openSUSE Security Update : freetype2 (openSUSE-SU-2010:0549-1)	Nessus	SuSE Local Security Checks	high
48753	openSUSE Security Update : freetype2 (openSUSE-SU-2010:0549-1)	Nessus	SuSE Local Security Checks	high
48343	CentOS 3 : freetype (CESA-2010:0577)	Nessus	CentOS Local Security Checks	medium
48217	CentOS 4 / 5 : freetype (CESA-2010:0578)	Nessus	CentOS Local Security Checks	medium
48212	RHEL 4 / 5 : freetype (RHSA-2010:0578)	Nessus	Red Hat Local Security Checks	medium
48211	RHEL 3 : freetype (RHSA-2010:0577)	Nessus	Red Hat Local Security Checks	medium
48195	Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:137)	Nessus	Mandriva Local Security Checks	medium
47778	Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-963-1)	Nessus	Ubuntu Local Security Checks	medium
47735	Debian DSA-2070-1 : freetype - several vulnerabilities	Nessus	Debian Local Security Checks	medium