
Vulnerability Note VU#275247

FreeType 2 CFF font stack corruption vulnerability

Overview

FreeType 2 contains a vulnerability in the processing of CFF fonts, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

FreeType is a font engine that can open and process font files. FreeType 2 can handle a number of font types, including Compact Font Format (CFF). FreeType is used by a number of applications, including PDF readers and web browsers. FreeType 2 contains a flaw in the handling of some CFF opcodes, which can result in stack corruption. This can allow arbitrary code execution.

This vulnerability is being used in the iPhone PDF JailBreak exploit.

II. Impact

By causing an application that uses FreeType to parse a specially-crafted CFF font, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. This can occur as the result of opening a PDF document or viewing a web page.

III. Solution

Apply an update

This vulnerability is fixed in the FreeType source tree. Please check with your vendor for an update.

Vendor Information

Vendor | Status | Date Notified | Date Updated
Apple Inc. | Affected | 2010-08-04 | 2010-08-11
Conectiva Inc. | Unknown | 2010-08-10 | 2010-08-10
Cray Inc. | Unknown | 2010-08-10 | 2010-08-10
Debian GNU/Linux | Affected | 2010-08-10 | 2010-08-11
DragonFly BSD Project | Unknown | 2010-08-10 | 2010-08-10
EMC Corporation | Unknown | 2010-08-10 | 2010-08-10
Engarde Secure Linux | Unknown | 2010-08-10 | 2010-08-10
F5 Networks, Inc. | Affected | 2010-08-10 | 2010-08-11
Fedora Project | Unknown | 2010-08-10 | 2010-08-10
Foxit Software Company | Affected | 2010-08-06 | 2010-08-06
FreeBSD Project | Unknown | 2010-08-10 | 2010-08-10
Fujitsu | Unknown | 2010-08-10 | 2010-08-10
Gentoo Linux | Affected | 2010-08-10 | 2010-08-11
Google | Not Affected | 2010-09-10 | 2010-09-14
Hewlett-Packard Company | Unknown | 2010-08-10 | 2010-08-10
Hitachi | Unknown | 2010-08-10 | 2010-08-10
IBM Corporation | Unknown | 2010-08-10 | 2010-08-10
IBM Corporation (zseries) | Unknown | 2010-08-10 | 2010-08-10
IBM eServer | Unknown | 2010-08-10 | 2010-08-10
Infoblox | Unknown | 2010-08-10 | 2010-08-10
Juniper Networks, Inc. | Not Affected | 2010-08-10 | 2010-08-23
Mandriva S. A. | Unknown | 2010-08-10 | 2010-08-10
Microsoft Corporation | Unknown | 2010-08-10 | 2010-08-10
MontaVista Software, Inc. | Unknown | 2010-08-10 | 2010-08-10
NEC Corporation | Unknown | 2010-08-10 | 2010-08-10
NetBSD | Unknown | 2010-08-10 | 2010-08-10
Nokia | Unknown | 2010-08-10 | 2010-08-10
Novell, Inc. | Unknown | 2010-08-10 | 2010-08-10
Openwall GNU/*/Linux | Not Affected | 2010-08-10 | 2010-08-23
QNX Software Systems Inc. | Unknown | 2010-08-10 | 2010-08-10
Red Hat, Inc. | Affected | 2010-08-05
SafeNet | Unknown | 2010-08-10 | 2010-08-10
Silicon Graphics, Inc. | Unknown | 2010-08-10 | 2010-08-10
Slackware Linux Inc. | Unknown | 2010-08-10 | 2010-08-10
Sony Corporation | Unknown | 2010-08-10 | 2010-08-10
Sun Microsystems, Inc. | Unknown | 2010-08-10 | 2010-08-10
SUSE Linux | Affected | 2010-08-10 | 2010-09-10
The SCO Group | Unknown | 2010-08-10 | 2010-08-10
Turbolinux | Unknown | 2010-08-10 | 2010-08-10
Ubuntu | Unknown | 2010-08-10 | 2010-08-10
Unisys | Unknown | 2010-08-10 | 2010-08-10
Wind River Systems, Inc. | Affected | 2010-08-10 | 2010-08-11

References

http://www.securityfocus.com/bid/42241
http://secunia.com/advisories/40816
http://securitytracker.com/alerts/2010/Aug/1024283.html
https://rhn.redhat.com/errata/RHSA-2010-0607.html
http://support.apple.com/kb/HT4291
http://support.apple.com/kb/HT4292
http://www.f-secure.com/weblog/archives/00002002.html
http://www.foxitsoftware.com/pdf/reader/security_bulletins.php#iphone

Credit

This vulnerability was discovered being exploited in the wild. Additional analysis was performed by Braden Thomas of Apple Product Security.

This document was written by Will Dormann.

Other Information

Date Public: 2010-08-02
Date First Published: 2010-08-05
Date Last Updated: 2010-09-14
CERT Advisory:
CVE-ID(s): CVE-2010-1797
NVD-ID(s): CVE-2010-1797
US-CERT Technical Alerts:
Severity Metric: 13.39
Document Revision: 29

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Produced 2010 by US-CERT, a government organization