CVE-2010-3814medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://secunia.com/advisories/42314
http://secunia.com/advisories/43138
http://secunia.com/advisories/48951
http://security-tracker.debian.org/tracker/CVE-2010-3814
http://support.apple.com/kb/HT4456
http://support.apple.com/kb/HT4581
http://www.debian.org/security/2011/dsa-2155
http://www.mandriva.com/security/advisories?name=MDVSA-2010:236
http://www.securityfocus.com/bid/44643
http://www.securitytracker.com/id?1024767
http://www.ubuntu.com/usn/USN-1013-1
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.8:rc1:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* versions up to 2.4.3 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 75505 | openSUSE Security Update : freetype2 (openSUSE-SU-2011:0361-1) | Nessus | SuSE Local Security Checks | medium |
| 57651 | GLSA-201201-09 : FreeType: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 57197 | SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7399) | Nessus | SuSE Local Security Checks | medium |
| 53723 | openSUSE Security Update : freetype2 (openSUSE-SU-2011:0361-1) | Nessus | SuSE Local Security Checks | medium |
| 53487 | SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7366) | Nessus | SuSE Local Security Checks | medium |
| 53313 | SuSE 11.1 Security Update : freetype2 (SAT Patch Number 4089) | Nessus | SuSE Local Security Checks | medium |
| 52754 | Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
| 52753 | Mac OS X Multiple Vulnerabilities (Security Update 2011-001) | Nessus | MacOS X Local Security Checks | high |
| 800796 | Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |
| 5826 | Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 51828 | Debian DSA-2155-1 : freetype - several vulnerabilities | Nessus | Debian Local Security Checks | medium |
| 5715 | Apple iOS < 4.2 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | critical |
| 50608 | Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:236) | Nessus | Mandriva Local Security Checks | medium |
| 50491 | Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : freetype vulnerabilities (USN-1013-1) | Nessus | Ubuntu Local Security Checks | high |