What is the severity of CVE-2016-10244?

CVE-2016-10244 is classified with a medium severity score due to its potential for causing denial of service through heap-based buffer over-read.

How do I fix CVE-2016-10244?

To mitigate CVE-2016-10244, upgrade FreeType to version 2.7.1 or later, or apply relevant patches that address this vulnerability.

What causes the vulnerability CVE-2016-10244?

CVE-2016-10244 occurs due to the parse_charstrings function failing to verify that a font file contains a glyph name, leading to buffer over-read issues.

Which products are affected by CVE-2016-10244?

CVE-2016-10244 affects FreeType versions prior to 2.7.1, and may also impact certain versions of Android and Debian Linux.

Can CVE-2016-10244 lead to system exploitation?

While CVE-2016-10244 primarily poses a risk of denial of service, it could potentially allow for further exploitation depending on the attack vector.

Vulnerability/
CVE-2016-10244

high

7.8

CWE

125

6/3/2017

26/8/2024

CVE-2016-10244

First published: Mon Mar 06 2017(Updated: )

The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
FreeType	<2.7.1
Debian GNU/Linux	=8.0
Android

Remedy

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-10244?
CVE-2016-10244 is classified with a medium severity score due to its potential for causing denial of service through heap-based buffer over-read.
How do I fix CVE-2016-10244?
To mitigate CVE-2016-10244, upgrade FreeType to version 2.7.1 or later, or apply relevant patches that address this vulnerability.
What causes the vulnerability CVE-2016-10244?
CVE-2016-10244 occurs due to the parse_charstrings function failing to verify that a font file contains a glyph name, leading to buffer over-read issues.
Which products are affected by CVE-2016-10244?
CVE-2016-10244 affects FreeType versions prior to 2.7.1, and may also impact certain versions of Android and Debian Linux.
Can CVE-2016-10244 lead to system exploitation?
While CVE-2016-10244 primarily poses a risk of denial of service, it could potentially allow for further exploitation depending on the attack vector.

agent/type
agent/references
agent/author
agent/severity
agent/weakness
agent/remedy
agent/description
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/last-modified-date
agent/event
agent/source
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/android-source
source/Android
agent/software-canonical-lookup
vendor/freetype
canonical/freetype
vendor/debian
canonical/debian gnu/linux
version/debian gnu/linux/8.0
vendor/google
canonical/android

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.