FKIE_CVE-2010-1797

Vulnerability from fkie_nvd - Published: 2010-08-16 18:39 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
References
product-security@apple.comhttp://freetype.sourceforge.net/index2.html#release-freetype-2.4.2
product-security@apple.comhttp://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50
product-security@apple.comhttp://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc
product-security@apple.comhttp://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html
product-security@apple.comhttp://lists.apple.com/archives/security-announce/2010//Aug/msg00001.htmlVendor Advisory
product-security@apple.comhttp://osvdb.org/66828
product-security@apple.comhttp://secunia.com/advisories/40807Vendor Advisory
product-security@apple.comhttp://secunia.com/advisories/40816Vendor Advisory
product-security@apple.comhttp://secunia.com/advisories/40982Vendor Advisory
product-security@apple.comhttp://secunia.com/advisories/48951
product-security@apple.comhttp://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view
product-security@apple.comhttp://support.apple.com/kb/HT4291Vendor Advisory
product-security@apple.comhttp://support.apple.com/kb/HT4292Vendor Advisory
product-security@apple.comhttp://www.exploit-db.com/exploits/14538Exploit
product-security@apple.comhttp://www.f-secure.com/weblog/archives/00002002.html
product-security@apple.comhttp://www.securityfocus.com/bid/42151Exploit
product-security@apple.comhttp://www.ubuntu.com/usn/USN-972-1
product-security@apple.comhttp://www.vupen.com/english/advisories/2010/2018Vendor Advisory
product-security@apple.comhttp://www.vupen.com/english/advisories/2010/2106Vendor Advisory
product-security@apple.comhttps://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019
product-security@apple.comhttps://bugzilla.redhat.com/show_bug.cgi?id=621144
product-security@apple.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/60856
af854a3a-2127-422b-91ae-364da2661108http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2
af854a3a-2127-422b-91ae-364da2661108http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50
af854a3a-2127-422b-91ae-364da2661108http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/66828
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40807Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40816Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40982Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48951
af854a3a-2127-422b-91ae-364da2661108http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT4291Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT4292Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/14538Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.f-secure.com/weblog/archives/00002002.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/42151Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-972-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2018Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2106Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=621144
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/60856
Impacted products
Vendor Product Version
apple iphone_os 1.0.0
apple iphone_os 1.0.1
apple iphone_os 1.0.1
apple iphone_os 1.0.2
apple iphone_os 1.0.2
apple iphone_os 1.1.0
apple iphone_os 1.1.0
apple iphone_os 1.1.0
apple iphone_os 1.1.1
apple iphone_os 1.1.1
apple iphone_os 1.1.2
apple iphone_os 1.1.2
apple iphone_os 1.1.2
apple iphone_os 1.1.3
apple iphone_os 1.1.3
apple iphone_os 1.1.3
apple iphone_os 1.1.4
apple iphone_os 1.1.4
apple iphone_os 1.1.4
apple iphone_os 1.1.5
apple iphone_os 1.1.5
apple iphone_os 1.1.5
apple iphone_os 2.0
apple iphone_os 2.0.0
apple iphone_os 2.0.0
apple iphone_os 2.0.0
apple iphone_os 2.0.1
apple iphone_os 2.0.1
apple iphone_os 2.0.1
apple iphone_os 2.0.2
apple iphone_os 2.0.2
apple iphone_os 2.0.2
apple iphone_os 2.1
apple iphone_os 2.1
apple iphone_os 2.1
apple iphone_os 2.1.1
apple iphone_os 2.2
apple iphone_os 2.2
apple iphone_os 2.2.1
apple iphone_os 2.2.1
apple iphone_os 2.2.1
apple iphone_os 3.0
apple iphone_os 3.0
apple iphone_os 3.0
apple iphone_os 3.0.1
apple iphone_os 3.0.1
apple iphone_os 3.1
apple iphone_os 3.1
apple iphone_os 3.1
apple iphone_os 3.1.2
apple iphone_os 3.1.2
apple iphone_os 3.1.2
apple iphone_os 3.1.3
apple iphone_os 3.1.3
apple iphone_os 3.2
apple iphone_os 3.2
apple iphone_os 3.2
apple iphone_os 3.2.1
apple iphone_os 3.2.1
apple iphone_os 4.0
apple iphone_os 4.0
apple iphone_os 4.0
apple iphone_os 4.0.1
apple iphone_os 4.0.1
apple iphone_os 4.0.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "B669868B-F358-4D5B-9D64-4A462F261553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "A14B31DE-AA3D-4FA2-A4F4-0A6A51AFA7FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "4261E5C1-DC93-437E-B84F-A30380AFDC40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "079BB54C-25FD-4B26-B171-368911960F76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "DF292FED-19A4-4031-9B1F-151C0146F3B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "5183082C-556F-479F-9FC1-42B59BBB840B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "AAC3FBF0-F128-412D-9FD5-13BB2EB92DD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "2FFCFEA4-C5E2-4C46-B8C3-ADCDBA4B85EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "7E7AA027-8CF9-49BD-A000-82880E41D622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "4FA51920-223B-4DF4-802C-188F5A8B0563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "4385635D-46F2-4642-9C78-1346DC120492",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "2C63C36E-1997-4F44-80AD-E665CE46A278",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "20DAE911-C037-4F10-82A3-EF42D5FB71D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "02BFDD6F-B9C3-42BB-A84A-828193FAA137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "0A66D6DC-9A48-4BD6-9E01-0D9FF388457C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "CFD4325B-A86A-4C1B-930F-56C17FB6281D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "C59B8C50-BF5D-4E9A-8E5B-99B34E974B5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "2904DEFA-7769-43DB-B3D0-B552AE8F06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "D4CE4199-BBF5-4F42-8BBC-BD946079C912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.1:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "0AD5106E-CD7C-4952-A9B1-5F72D99276E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.1:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "34346F55-4972-427B-8F96-780FA91DB95D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.2:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "B7235341-983F-4578-98DC-39BC278A7556",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "BA5C2D75-4019-45EB-8AF9-A850B5349507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "AD136376-331D-494F-9D12-7E631546E8CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.0:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "A066B59B-D5C8-4AA8-9CC7-5D34F4AB88AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.0:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "F07B3FE7-96B3-493A-A230-5642BA11FBDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.0.1:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "9FB0870F-82CF-4C97-BDC6-F0C4BBE7462D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D3BE2B-5A01-4AD4-A436-0056B50A535D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "E357722F-4976-4E47-BFB5-709480BAE267",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "F43A6FEC-ECA9-44A4-AD00-FDC6F3990DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A20F171-79FE-43B9-8309-B18341639FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1.2:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "7CA92907-90C9-4BD6-8EE8-8FA6298C3D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1.2:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "52283848-67CC-4E4B-A849-1225F2BCBD9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "126EF22D-29BC-4366-97BC-B261311E6251",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1.3:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "220590DA-2B6A-4FC9-B456-3053EED9D96E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B3DD7B3-DA4C-4B0A-A94E-6BF66B358B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.2:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "3FE3CDE8-6497-445E-A845-8A1C2A4EDEB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.2:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "9E4D3134-28BC-4C30-A9B0-559338FBBDFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A939B80-0AD0-48AF-81A7-370716F56639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.2.1:-:ipad:*:*:*:*:*",
              "matchCriteriaId": "98C41674-370B-4CF0-817B-3843D93A10DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "12E22AF0-2B66-425A-A1EE-4F0E3B0433E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.0:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "954CDDCB-AC22-448D-8ECA-CFA4DBA1BC27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.0:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "54FECD66-4216-43FC-9959-B8EA9545449C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB34ECBE-33E8-40E1-936B-7800D2525AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "ECE983F6-A597-4581-A254-80396B54F2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "586C0CB3-98E5-4CB3-8F23-27F01233D6C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en la regi\u00f3n ?stack de la memoria en la funci\u00f3n cff_decoder_parse_charstrings en el int\u00e9rprete CFF Type2 CharStrings en el archivo cff/cffgload.c en FreeType anterior a versi\u00f3n  2.4.2, tal y como es usado en iOS de Apple anterior a versi\u00f3n  4.0.2 en el iPhone y iPod touch y anterior a versi\u00f3n 3.2.2 en el iPad, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) por medio de c\u00f3digos CFF  especialmente dise\u00f1ados en fuentes insertadas en un documento PDF, como es demostrado por JailbreakMe. NOTA: algunos de estos detalles son obtenidos de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2010-1797",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-08-16T18:39:40.403",
  "references": [
    {
      "source": "product-security@apple.com",
      "url": "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://osvdb.org/66828"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40807"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40816"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40982"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://secunia.com/advisories/48951"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4291"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4292"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/14538"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.f-secure.com/weblog/archives/00002002.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/42151"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.ubuntu.com/usn/USN-972-1"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2018"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2106"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=621144"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/66828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40982"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48951"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4291"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/14538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.f-secure.com/weblog/archives/00002002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/42151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-972-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=621144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60856"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.