CVE-2010-2498
First published: Fri Jul 09 2010(Updated: )
Robert Swiecki reported an invalid free flaw, that could possibly corrupt the heap, in freetype. This could cause applications linked against freetype to crash (SIGABRT) or, possibly, lead to the execution of arbitrary code if an attacker were able to get a victim to load a malicious font file. The affected code is not present in Red Hat Enterprise Linux 3 (freetype 2.1.4). In Red Hat Enterprise Linux 4 and 5 this code is present, but does not cause a crash. This issue has been given the name <a href="https://access.redhat.com/security/cve/CVE-2010-2498">CVE-2010-2498</a>. Upstream bug report: <a href="http://savannah.nongnu.org/bugs/index.php?30106">http://savannah.nongnu.org/bugs/index.php?30106</a> Upstream commit that fixes the issue: <a href="http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8d22746c9e5af80ff4304aef440986403a5072e2">http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8d22746c9e5af80ff4304aef440986403a5072e2</a> Acknowledgements: Red Hat would like to thank Robert Święcki of the Google Security Team for the discovery of this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Freetype Freetype | <2.4.0 | |
| Canonical Ubuntu Linux | =9.04 | |
| Canonical Ubuntu Linux | =9.10 | |
| Canonical Ubuntu Linux | =8.04 | |
| Canonical Ubuntu Linux | =10.04 | |
| Canonical Ubuntu Linux | =6.06 | |
| Apple Mac OS X | <10.6.5 | |
| Debian Debian Linux | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2010/dsa-2070
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8d22746c9e5af80ff4304aef440986403a5072e2
- http://marc.info/?l=oss-security&m=127909326909362&w=2
- https://bugzilla.redhat.com/show_bug.cgi?id=613160
- https://savannah.nongnu.org/bugs/?30106
- http://www.redhat.com/support/errata/RHSA-2010-0578.html
- http://www.ubuntu.com/usn/USN-963-1
- http://marc.info/?l=oss-security&m=127905701201340&w=2
- http://securitytracker.com/id?1024266
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:137
- http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://support.apple.com/kb/HT4435
- http://secunia.com/advisories/48951
- https://access.redhat.com/security/cve/CVE-2010-2498
- http://savannah.nongnu.org/bugs/index.php?30106
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=613299
- https://rhn.redhat.com/errata/RHSA-2010-0578.html
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/tags
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-2498
- vendor/freetype
- canonical/freetype freetype
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/9.04
- version/canonical ubuntu linux/9.10
- version/canonical ubuntu linux/8.04
- version/canonical ubuntu linux/10.04
- version/canonical ubuntu linux/6.06
- vendor/apple
- canonical/apple mac os x
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/5.0