Vulnerability Details : CVE-2010-3054
Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-3054
Probability of exploitation activity in the next 30 days: 9.38%
Percentile, the proportion of vulnerabilities that are scored at or less: ~94%
CVSS scores for CVE-2010-3054
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
References for CVE-2010-3054
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
  Apple - Lists.apple.com
- https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019
  Bug #617019 “FreeType security fixes in 2.4.2” : Maverick (10.10) : Bugs : freetype package : Ubuntu
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
  Apple - Lists.apple.com
- https://rhn.redhat.com/errata/RHSA-2010-0737.html
  RHSA-2010:0737 - Security Advisory - Red Hat Customer Portal
- https://rhn.redhat.com/errata/RHSA-2010-0736.html
  RHSA-2010:0736 - Security Advisory - Red Hat Customer Portal
- http://support.apple.com/kb/HT4456
  About the security content of iOS 4.2 - Apple Support
- http://www.vupen.com/english/advisories/2010/3045
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2010:019
- http://support.apple.com/kb/HT4457
  About the security content of Apple TV software update 4.1 - Apple Support
- http://support.apple.com/kb/HT4435
- http://www.vupen.com/english/advisories/2010/3046
- http://www.securityfocus.com/bid/42621
  FreeType 'seac' Calls Multiple Remote Denial of Service Vulnerabilities
Products affected by CVE-2010-3054
- cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.4.1:*:*:*:*:*:*:*