Vulnerability Details CVE-2010-3054
Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.039
EPSS Ranking 87.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
- http://secunia.com/advisories/42314
- http://secunia.com/advisories/42317
- http://secunia.com/advisories/48951
- http://support.apple.com/kb/HT4435
- http://support.apple.com/kb/HT4456
- http://support.apple.com/kb/HT4457
- http://www.securityfocus.com/bid/42621
- http://www.vupen.com/english/advisories/2010/3045
- http://www.vupen.com/english/advisories/2010/3046
- https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019
- https://rhn.redhat.com/errata/RHSA-2010-0736.html
- https://rhn.redhat.com/errata/RHSA-2010-0737.html
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
- http://secunia.com/advisories/42314
- http://secunia.com/advisories/42317
- http://secunia.com/advisories/48951
- http://support.apple.com/kb/HT4435
- http://support.apple.com/kb/HT4456
- http://support.apple.com/kb/HT4457
- http://www.securityfocus.com/bid/42621
- http://www.vupen.com/english/advisories/2010/3045
- http://www.vupen.com/english/advisories/2010/3046
- https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019
- https://rhn.redhat.com/errata/RHSA-2010-0736.html
- https://rhn.redhat.com/errata/RHSA-2010-0737.html
Products affected by CVE-2010-3054
-
cpe:2.3:a:freetype:freetype:2.3.10
-
cpe:2.3:a:freetype:freetype:2.3.11
-
cpe:2.3:a:freetype:freetype:2.3.12
-
cpe:2.3:a:freetype:freetype:2.3.9
-
cpe:2.3:a:freetype:freetype:2.4.0
-
cpe:2.3:a:freetype:freetype:2.4.1