Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2010-2808

Disclosure Date: August 19, 2010
CVE-2010-2808
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2010-2808 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2808)
BID-42285 (http://www.securityfocus.com/bid/42285)
Advisory
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit?id=81f3472c0ba7b8f6466e2e214fa8c1c17fade975
ADV-2010-3045 (http://www.vupen.com/english/advisories/2010/3045)
https://savannah.nongnu.org/bugs?30658
http://support.apple.com/kb/HT4435
https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019
http://support.apple.com/kb/HT4457
ADV-2010-2018 (http://www.vupen.com/english/advisories/2010/2018)
ADV-2010-3046 (http://www.vupen.com/english/advisories/2010/3046)
https://rhn.redhat.com/errata/RHSA-2010-0737.html
USN-972-1 (http://www.ubuntu.com/usn/USN-972-1)
APPLE-SA-2010-11-10-1 (http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html)
[oss-security] 20100806 Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more (http://marc.info?l=oss-security&m=128111955616772&w=2)
SECUNIA-42317 (http://secunia.com/advisories/42317)
SECUNIA-40816 (http://secunia.com/advisories/40816)
http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2
SECUNIA-42314 (http://secunia.com/advisories/42314)
http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view
http://www.redhat.com/support/errata/RHSA-2010-0864.html
SECUNIA-40982 (http://secunia.com/advisories/40982)
https://bugzilla.redhat.com/show_bug.cgi?id=621907
ADV-2010-2106 (http://www.vupen.com/english/advisories/2010/2106)
[oss-security] 20100806 CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts (http://marc.info?l=oss-security&m=128110167119337&w=2)
http://support.apple.com/kb/HT4456
APPLE-SA-2010-11-22-1 (http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html)
Miscellaneous
http://marc.info/?l=oss-security&m=128111955616772&w=2
https://access.redhat.com/errata/RHSA-2010:0864
https://access.redhat.com/errata/RHSA-2010:0737
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=81f3472c0ba7b8f6466e2e214fa8c1c17fade975
http://marc.info/?l=oss-security&m=128110167119337&w=2
https://access.redhat.com/security/cve/CVE-2010-2808
https://savannah.nongnu.org/bugs/?30658

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis