Vulnerability Details : CVE-2010-4259
Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file.
Vulnerability category: Overflow, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-4259
Probability of exploitation activity in the next 30 days: 16.56%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 %
CVSS scores for CVE-2010-4259
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2010-4259
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4259
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605537
  #605537 - CVE-2010-4259: fontforge: buffer overflow when parsing CHARSET_REGISTRY header of .BDF files - Debian Bug report logs [Exploit; Patch]
- https://bugzilla.redhat.com/show_bug.cgi?id=659359
  659359 – (CVE-2010-4259) CVE-2010-4259 FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header [Exploit; Patch]
- http://openwall.com/lists/oss-security/2010/12/02/8
  oss-security - Re: CVE Request -- FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header [Exploit]
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052201.html
  [SECURITY] Fedora 14 Update: fontforge-20100501-5.fc14
- http://www.debian.org/security/2011/dsa-2253
  Debian -- Security Information -- DSA-2253-1 fontforge
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052219.html
  [SECURITY] Fedora 13 Update: fontforge-20090923-4.fc13
- http://www.exploit-db.com/exploits/15732
  FontForge - '.BDF' Font File Stack Buffer Overflow (PoC) - Linux dos Exploit
- http://www.securityfocus.com/bid/45162
  FontForge Bitmap Distribution Format (.BDF) Font File Stack-Based Buffer Overflow Vulnerability
- http://www.vupen.com/english/advisories/2010/3200
- http://openwall.com/lists/oss-security/2010/12/02/5
  oss-security - CVE Request -- FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header [Exploit]
Products affected by CVE-2010-4259
- cpe:2.3:a:alexej_kryukov:fontforge:20100501:*:*:*:*:*:*:*