CVE-2010-3311

EUVD-2010-3309
Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
freetypefreetype
𝑥
≤ 2.3.12
freetypefreetype
1.3.1
freetypefreetype
2.0.6
freetypefreetype
2.0.9
freetypefreetype
2.1
freetypefreetype
2.1.3
freetypefreetype
2.1.4
freetypefreetype
2.1.5
freetypefreetype
2.1.6
freetypefreetype
2.1.7
freetypefreetype
2.1.8
freetypefreetype
2.1.8:rc1
freetypefreetype
2.1.9
freetypefreetype
2.1.10
freetypefreetype
2.2.0
freetypefreetype
2.2.1
freetypefreetype
2.2.10
freetypefreetype
2.3.0
freetypefreetype
2.3.1
freetypefreetype
2.3.2
freetypefreetype
2.3.3
freetypefreetype
2.3.4
freetypefreetype
2.3.5
freetypefreetype
2.3.6
freetypefreetype
2.3.7
freetypefreetype
2.3.8
freetypefreetype
2.3.9
freetypefreetype
2.3.10
freetypefreetype
2.3.11
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
freetype
bookworm
2.12.1+dfsg-5+deb12u3
fixed
bullseye
2.10.4+dfsg-1+deb11u1
fixed
sid
2.13.3+dfsg-1
fixed
trixie
2.13.3+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
freetype
dapper
Fixed 2.1.10-1ubuntu2.10
released
hardy
Fixed 2.3.5-1ubuntu4.8.04.6
released
jaunty
ignored
karmic
Fixed 2.3.9-5ubuntu0.4
released
lucid
Fixed 2.3.11-1ubuntu2.4
released
maverick
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://secunia.com/advisories/48951
http://www.debian.org/security/2010/dsa-2116
http://www.mandriva.com/security/advisories?name=MDVSA-2010:201
http://www.redhat.com/support/errata/RHSA-2010-0864.html
http://www.securityfocus.com/bid/43700
http://www.ubuntu.com/usn/USN-1013-1
https://bugzilla.redhat.com/show_bug.cgi?id=623625
https://rhn.redhat.com/errata/RHSA-2010-0736.html
https://rhn.redhat.com/errata/RHSA-2010-0737.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://secunia.com/advisories/48951
http://www.debian.org/security/2010/dsa-2116
http://www.mandriva.com/security/advisories?name=MDVSA-2010:201
http://www.redhat.com/support/errata/RHSA-2010-0864.html
http://www.securityfocus.com/bid/43700
http://www.ubuntu.com/usn/USN-1013-1
https://bugzilla.redhat.com/show_bug.cgi?id=623625
https://rhn.redhat.com/errata/RHSA-2010-0736.html
https://rhn.redhat.com/errata/RHSA-2010-0737.html