{"id":"CVE-2010-2805","details":"The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.","modified":"2026-04-10T03:41:21.194435Z","published":"2010-08-19T18:00:04Z","related":["openSUSE-SU-2024:10172-1","openSUSE-SU-2024:10438-1"],"references":[{"type":"ADVISORY","url":"http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2"},{"type":"ADVISORY","url":"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=45a3c76b547511fa9d97aca34b150a0663257375"},{"type":"ADVISORY","url":"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"},{"type":"ADVISORY","url":"http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"},{"type":"ADVISORY","url":"http://marc.info/?l=oss-security&m=128111955616772&w=2"},{"type":"ADVISORY","url":"http://secunia.com/advisories/40816"},{"type":"ADVISORY","url":"http://secunia.com/advisories/40982"},{"type":"ADVISORY","url":"http://secunia.com/advisories/42314"},{"type":"ADVISORY","url":"http://secunia.com/advisories/42317"},{"type":"ADVISORY","url":"http://secunia.com/advisories/48951"},{"type":"ADVISORY","url":"http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view"},{"type":"ADVISORY","url":"http://support.apple.com/kb/HT4456"},{"type":"ADVISORY","url":"http://support.apple.com/kb/HT4457"},{"type":"ADVISORY","url":"http://www.redhat.com/support/errata/RHSA-2010-0864.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/42285"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-972-1"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2010/2018"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2010/2106"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2010/3045"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2010/3046"},{"type":"ADVISORY","url":"https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019"},{"type":"ADVISORY","url":"https://savannah.nongnu.org/bugs/?30644"},{"type":"ARTICLE","url":"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"},{"type":"ARTICLE","url":"http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"},{"type":"ARTICLE","url":"http://marc.info/?l=oss-security&m=128111955616772&w=2"},{"type":"EVIDENCE","url":"https://savannah.nongnu.org/bugs/?30644"},{"type":"FIX","url":"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=45a3c76b547511fa9d97aca34b150a0663257375"},{"type":"FIX","url":"http://marc.info/?l=oss-security&m=128111955616772&w=2"},{"type":"REPORT","url":"https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019"},{"type":"REPORT","url":"https://savannah.nongnu.org/bugs/?30644"},{"type":"WEB","url":"http://support.apple.com/kb/HT4435"}],"schema_version":"1.7.5"}