Vulnerability Details : CVE-2010-2500
Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
Vulnerability category: Overflow, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-2500
Probability of exploitation activity in the next 30 days: 1.56%
Percentile, the proportion of vulnerabilities that are scored at or less: ~87%
CVSS scores for CVE-2010-2500
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2010-2500
- The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2500
- http://marc.info/?l=oss-security&m=127909326909362&w=2
  'Re: [oss-security] Multiple bugs in freetype' - MARC (Mailing List; Third Party Advisory)
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
  Apple - Lists.apple.com (Mailing List; Third Party Advisory)
- https://savannah.nongnu.org/bugs/?30263
  The FreeType Project - Bugs: bug #30263, SIGSEGV under certain conditions... [Savannah] (Issue Tracking; Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0578.html
  Support (Third Party Advisory)
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6305b869d86ff415a33576df6d43729673c66eee
  freetype/freetype2.git - The FreeType 2 library (Patch; Third Party Advisory)
- http://marc.info/?l=oss-security&m=127905701201340&w=2
  '[oss-security] Multiple bugs in freetype' - MARC (Mailing List; Third Party Advisory)
- http://www.ubuntu.com/usn/USN-963-1
  USN-963-1: FreeType vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=613167
  613167 – (CVE-2010-2500) CVE-2010-2500 freetype: integer overflow vulnerability in smooth/ftgrays.c (Issue Tracking; Patch; Third Party Advisory)
- http://support.apple.com/kb/HT4435
  (Broken Link)
- http://www.debian.org/security/2010/dsa-2070
  Debian -- Security Information -- DSA-2070-1 freetype (Third Party Advisory)
- http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html
  [ft] FreeType 2.4.0 has been released (Mailing List; Release Notes; Third Party Advisory)
- http://securitytracker.com/id?1024266
  FreeType 2 Font File Processing Errors Let Remote Users Execute Arbitrary Code - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.redhat.com/support/errata/RHSA-2010-0577.html
  Support (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:137
  mandriva.com (Third Party Advisory)
Products affected by CVE-2010-2500
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*