CVE-2010-2807 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 89%

Vendor	Product	Version
freetype	freetype	𝑥 < 2.4.2
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	9.04
canonical	ubuntu_linux	9.10
canonical	ubuntu_linux	10.04
apple	iphone_os	𝑥 < 4.2
apple	mac_os_x	𝑥 < 10.6.5
apple	tvos	𝑥 < 4.1.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

freetype

bullseye	2.10.4+dfsg-1+deb11u1 fixed
bookworm	2.12.1+dfsg-5+deb12u3 fixed
sid	2.13.3+dfsg-1 fixed
trixie	2.13.3+dfsg-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

freetype

lucid	Fixed 2.3.11-1ubuntu2.2 released
karmic	Fixed 2.3.9-5ubuntu0.2 released
jaunty	Fixed 2.3.9-4ubuntu0.3 released
hardy	Fixed 2.3.5-1ubuntu4.8.04.4 released
dapper	Fixed 2.1.10-1ubuntu2.8 released

Common Weakness Enumeration

CWE-681 - Incorrect Conversion between Numeric Types
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

References

http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=346f1867fd32dae8f56e5b482d1af98f626804ac

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

http://marc.info/?l=oss-security&m=128111955616772&w=2

http://secunia.com/advisories/40816

http://secunia.com/advisories/40982

http://secunia.com/advisories/42314

http://secunia.com/advisories/42317

http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view

http://support.apple.com/kb/HT4435

http://support.apple.com/kb/HT4456

http://support.apple.com/kb/HT4457

http://www.securityfocus.com/bid/42285

http://www.ubuntu.com/usn/USN-972-1

http://www.vupen.com/english/advisories/2010/2018

http://www.vupen.com/english/advisories/2010/2106

http://www.vupen.com/english/advisories/2010/3045

http://www.vupen.com/english/advisories/2010/3046

https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019

https://savannah.nongnu.org/bugs/?30657

http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=346f1867fd32dae8f56e5b482d1af98f626804ac

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

http://marc.info/?l=oss-security&m=128111955616772&w=2

http://secunia.com/advisories/40816

http://secunia.com/advisories/40982

http://secunia.com/advisories/42314

http://secunia.com/advisories/42317

http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view

http://support.apple.com/kb/HT4435

http://support.apple.com/kb/HT4456

http://support.apple.com/kb/HT4457

http://www.securityfocus.com/bid/42285

http://www.ubuntu.com/usn/USN-972-1

http://www.vupen.com/english/advisories/2010/2018

http://www.vupen.com/english/advisories/2010/2106

http://www.vupen.com/english/advisories/2010/3045

http://www.vupen.com/english/advisories/2010/3046

https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019

https://savannah.nongnu.org/bugs/?30657