CVE-2010-3311

HIGH

Description

Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.

References

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

http://secunia.com/advisories/48951

http://www.debian.org/security/2010/dsa-2116

http://www.mandriva.com/security/advisories?name=MDVSA-2010:201

http://www.redhat.com/support/errata/RHSA-2010-0864.html

http://www.securityfocus.com/bid/43700

http://www.ubuntu.com/usn/USN-1013-1

https://bugzilla.redhat.com/show_bug.cgi?id=623625

https://rhn.redhat.com/errata/RHSA-2010-0736.html

https://rhn.redhat.com/errata/RHSA-2010-0737.html

Details

Source: MITRE

Published: 2011-01-07

Updated: 2012-12-19

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1.8:rc1:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.2:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*

cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* versions up to 2.3.12 (inclusive)

Tenable Plugins

View all (22 total)

ID	Name	Product	Family	Severity
75504	openSUSE Security Update : freetype2 (openSUSE-SU-2010:0726-1)	Nessus	SuSE Local Security Checks	high
68108	Oracle Linux 4 / 5 : freetype (ELSA-2010-0737)	Nessus	Oracle Linux Local Security Checks	high
68107	Oracle Linux 3 : freetype (ELSA-2010-0736)	Nessus	Oracle Linux Local Security Checks	high
60890	Scientific Linux Security Update : freetype on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
60861	Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
57651	GLSA-201201-09 : FreeType: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
50906	SuSE 11 / 11.1 Security Update : freetype2 (SAT Patch Numbers 3202 / 3203)	Nessus	SuSE Local Security Checks	high
50636	RHEL 6 : freetype (RHSA-2010:0864)	Nessus	Red Hat Local Security Checks	high
50491	Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : freetype vulnerabilities (USN-1013-1)	Nessus	Ubuntu Local Security Checks	high
50437	Fedora 12 : freetype-2.3.11-6.fc12 (2010-15785)	Nessus	Fedora Local Security Checks	high
50026	Fedora 13 : freetype-2.3.11-6.fc13 (2010-15705)	Nessus	Fedora Local Security Checks	high
49994	openSUSE Security Update : freetype2 (openSUSE-SU-2010:0726-1)	Nessus	SuSE Local Security Checks	high
49993	openSUSE Security Update : freetype2 (openSUSE-SU-2010:0726-1)	Nessus	SuSE Local Security Checks	high
49971	Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:201)	Nessus	Mandriva Local Security Checks	high
49969	Fedora 14 : freetype-2.4.2-3.fc14 (2010-15878)	Nessus	Fedora Local Security Checks	high
49855	SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7168)	Nessus	SuSE Local Security Checks	high
49823	SuSE9 Security Update : freetype2 (YOU Patch Number 12656)	Nessus	SuSE Local Security Checks	high
49766	Debian DSA-2116-1 : freetype - integer overflow	Nessus	Debian Local Security Checks	high
49749	RHEL 4 / 5 : freetype (RHSA-2010:0737)	Nessus	Red Hat Local Security Checks	high
49748	RHEL 3 : freetype (RHSA-2010:0736)	Nessus	Red Hat Local Security Checks	high
49716	CentOS 4 / 5 : freetype (CESA-2010:0737)	Nessus	CentOS Local Security Checks	high
49715	CentOS 3 : freetype (CESA-2010:0736)	Nessus	CentOS Local Security Checks	high