Vulnerability Details: CVE-2010-3855
Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.
Vulnerability category: Overflow, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-3855
Probability of exploitation activity in the next 30 days: 17.43%
Percentile, the proportion of vulnerabilities that are scored at or less: ~95%
CVSS scores for CVE-2010-3855
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2010-3855
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3855
- http://support.apple.com/kb/HT4581
  About the security content of Mac OS X v10.6.7 and Security Update 2011-001 - Apple Support
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:235
  mandriva.com
- http://www.vupen.com/english/advisories/2010/3037
  Webmail | OVH- OVH
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:236
  mandriva.com
- http://support.apple.com/kb/HT4802
  About the security content of iOS 4.3.4 Software Update - Apple Support
- http://support.apple.com/kb/HT4565
  About the security content of Apple TV 4.2 - Apple Support
- http://www.vupen.com/english/advisories/2011/0246
  Webmail | OVH- OVH
- http://www.ubuntu.com/usn/USN-1013-1
  USN-1013-1: FreeType vulnerabilities | Ubuntu security notices
- http://support.avaya.com/css/P8/documents/100122733
  ASA-2010-344 (RHSA-2010-0889)
- http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
  Apple - Lists.apple.com
- https://savannah.nongnu.org/bugs/?31310
  The FreeType Project - Bugs: bug #31310, ft_var_readpackedpoints() buffer... [Savannah]
- http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html
  Apple - Lists.apple.com
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221
  #602221 - freetype: CVE-2010-3855 and CVE-2010-3814 - Debian Bug report logs
- http://www.redhat.com/support/errata/RHSA-2010-0889.html
  Support
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=59eb9f8cfe7d1df379a2318316d1f04f80fba54a
  freetype/freetype2.git - The FreeType 2 library
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
  Apple - Lists.apple.com
- http://www.securitytracker.com/id?1024745
  FreeType Buffer Overflow in ft_var_readpackedpoints() Lets Remote Users Execute Arbitrary Code - SecurityTracker
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051251.html
  [SECURITY] Fedora 12 Update: freetype-2.3.11-7.fc12
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051231.html
  [SECURITY] Fedora 13 Update: freetype-2.3.11-7.fc13
- http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html
  Apple - Lists.apple.com
- http://support.apple.com/kb/HT4803
  About the security content of iOS 4.2.9 Software Update for iPhone - Apple Support
- http://support.apple.com/kb/HT4564
  About the security content of iOS 4.3 - Apple Support
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050965.html
  [SECURITY] Fedora 14 Update: freetype-2.4.2-4.fc14
- http://www.securityfocus.com/bid/44214
  FreeType 'ft_var_readpackedpoints()' Buffer Overflow Vulnerability
- http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html
  Apple - Lists.apple.com
- http://www.debian.org/security/2011/dsa-2155
  Debian -- Security Information -- DSA-2155-1 freetype
Products affected by CVE-2010-3855
- cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:2.4.2:*:*:*:*:*:*:*