AppleCVELIST:CVE-2010-1797CVE-2010-1797
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
References
freetype.sourceforge.net/index2.html#release-freetype-2.4.2
git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50
git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc
lists.apple.com/archives/security-announce/2010//Aug/msg00000.html
lists.apple.com/archives/security-announce/2010//Aug/msg00001.html
osvdb.org/66828
secunia.com/advisories/40807
secunia.com/advisories/40816
secunia.com/advisories/40982
secunia.com/advisories/48951
sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view
support.apple.com/kb/HT4291
support.apple.com/kb/HT4292
www.exploit-db.com/exploits/14538
www.f-secure.com/weblog/archives/00002002.html
www.securityfocus.com/bid/42151
www.ubuntu.com/usn/USN-972-1
www.vupen.com/english/advisories/2010/2018
www.vupen.com/english/advisories/2010/2106
bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019
bugzilla.redhat.com/show_bug.cgi?id=621144
exchange.xforce.ibmcloud.com/vulnerabilities/60856
Related
