Home > Vulnerability Database > CVE-2010-1797

Mend.io Vulnerability Database

CVE-2010-1797

Date: August 16, 2010

Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.

Severity Score

8.1

Related Resources (25)

Url: http://secunia.com/advisories/40816

Url: http://www.securityfocus.com/bid/42151

Url: http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html

Url: http://support.apple.com/kb/HT4291

Url: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50

Url: http://secunia.com/advisories/40807

Url: http://www.f-secure.com/weblog/archives/00002002.html

Url: http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html

Url: http://www.ubuntu.com/usn/USN-972-1

Url: https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019

Url: http://osvdb.org/66828

Url: http://support.apple.com/kb/HT4292

Url: http://www.vupen.com/english/advisories/2010/2018

Url: http://www.vupen.com/english/advisories/2010/2106

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/60856

Url: http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view

Url: http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2

Url: https://access.redhat.com/security/cve/CVE-2010-1797

Url: http://www.exploit-db.com/exploits/14538

Url: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-1797

Url: http://secunia.com/advisories/48951

Url: https://bugzilla.redhat.com/show_bug.cgi?id=621144

Url: http://secunia.com/advisories/40982

Url: https://www.mend.io/vulnerability-database/CVE-2010-1797

Severity Score

8.1

Weakness Type (CWE)

Buffer Errors

CWE-119

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2010-1797

Date: August 16, 2010

Severity Score

Related Resources (25)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?