{"id":"CVE-2010-2519","details":"Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file.","modified":"2026-04-10T03:41:19.423510Z","published":"2010-08-19T18:00:04Z","references":[{"type":"ADVISORY","url":"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5ef20c8c1d4de12a84b50ba497c2a358c90ec44b"},{"type":"ADVISORY","url":"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b2ea64bcc6c385a8e8318f9c759450a07df58b6d"},{"type":"ADVISORY","url":"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"},{"type":"ADVISORY","url":"http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html"},{"type":"ADVISORY","url":"http://marc.info/?l=oss-security&m=127905701201340&w=2"},{"type":"ADVISORY","url":"http://marc.info/?l=oss-security&m=127909326909362&w=2"},{"type":"ADVISORY","url":"http://secunia.com/advisories/48951"},{"type":"ADVISORY","url":"http://securitytracker.com/id?1024266"},{"type":"ADVISORY","url":"http://www.debian.org/security/2010/dsa-2070"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:137"},{"type":"ADVISORY","url":"http://www.redhat.com/support/errata/RHSA-2010-0578.html"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-963-1"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=613194"},{"type":"ADVISORY","url":"https://savannah.nongnu.org/bugs/?30306"},{"type":"ARTICLE","url":"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"},{"type":"ARTICLE","url":"http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html"},{"type":"ARTICLE","url":"http://marc.info/?l=oss-security&m=127905701201340&w=2"},{"type":"ARTICLE","url":"http://marc.info/?l=oss-security&m=127909326909362&w=2"},{"type":"EVIDENCE","url":"https://savannah.nongnu.org/bugs/?30306"},{"type":"FIX","url":"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5ef20c8c1d4de12a84b50ba497c2a358c90ec44b"},{"type":"FIX","url":"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b2ea64bcc6c385a8e8318f9c759450a07df58b6d"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=613194"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=613194"},{"type":"REPORT","url":"https://savannah.nongnu.org/bugs/?30306"},{"type":"WEB","url":"http://support.apple.com/kb/HT4435"}],"schema_version":"1.7.5"}