CVE-2010-2527

Опубликовано: 19 авг. 2010

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Ссылки

http://git.savannah.gnu.org/cgit/freetype/freetype2-demos.git/commit/?id=b995299b73ba4cd259f221f500d4e63095508bec
Patch
Third Party Advisory
http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html
Mailing List
Release Notes
Third Party Advisory
http://marc.info/?l=oss-security&m=127912955808467&w=2
Mailing List
Third Party Advisory
http://savannah.nongnu.org/bugs/?30054
Issue Tracking
Third Party Advisory
http://secunia.com/advisories/48951
Third Party Advisory
http://securitytracker.com/id?1024266
Third Party Advisory
VDB Entry
http://www.debian.org/security/2010/dsa-2070
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0577.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0578.html
Third Party Advisory
http://www.ubuntu.com/usn/USN-963-1
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=614557
Issue Tracking
Patch
Third Party Advisory
http://git.savannah.gnu.org/cgit/freetype/freetype2-demos.git/commit/?id=b995299b73ba4cd259f221f500d4e63095508bec
Patch
Third Party Advisory
http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html
Mailing List
Release Notes
Third Party Advisory
http://marc.info/?l=oss-security&m=127912955808467&w=2
Mailing List
Third Party Advisory
http://savannah.nongnu.org/bugs/?30054
Issue Tracking
Third Party Advisory
http://secunia.com/advisories/48951
Third Party Advisory
http://securitytracker.com/id?1024266
Third Party Advisory
VDB Entry
http://www.debian.org/security/2010/dsa-2070
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0577.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0578.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*

Версия до 2.4.0 (исключая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*

EPSS

Процентиль: 84%

0.02329

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-120

Связанные уязвимости

CVE-2010-2527

ubuntu

почти 15 лет назад

Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

CVE-2010-2527

redhat

около 15 лет назад

Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

CVE-2010-2527

debian

почти 15 лет назад

Multiple buffer overflows in demo programs in FreeType before 2.4.0 al ...

GHSA-mc88-pmhf-w5pc

github

около 3 лет назад

Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

ELSA-2010-0578

oracle-oval

почти 15 лет назад

ELSA-2010-0578: freetype security update (IMPORTANT)

EPSS

Процентиль: 84%

0.02329

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-120