Vulnerability Note VU#275247
FreeType 2 CFF font stack corruption vulnerability
FreeType 2 contains a vulnerability in the processing of CFF fonts, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
FreeType is a font engine that can open and process font files. FreeType 2 can handle a number of font types, including Compact Font Format (CFF). FreeType is used by a number of applications, including PDF readers and web browsers. FreeType 2 contains a flaw in the handling of some CFF opcodes, which can result in stack corruption. This can allow arbitrary code execution.
This vulnerability is being used in the iPhone PDF JailBreak exploit.
By causing an application that uses FreeType to parse a specially crafted CFF font, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. This can occur as the result of opening a PDF document or viewing a web page.
Apply an update
Vendor Information

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Inc. | Affected | 04 Aug 2010 | 11 Aug 2010 |
| Debian GNU/Linux | Affected | 10 Aug 2010 | 11 Aug 2010 |
| F5 Networks, Inc. | Affected | 10 Aug 2010 | 11 Aug 2010 |
| Foxit Software Company | Affected | 06 Aug 2010 | 06 Aug 2010 |
| Gentoo Linux | Affected | 10 Aug 2010 | 11 Aug 2010 |
| Red Hat, Inc. | Affected | - | 05 Aug 2010 |
| SUSE Linux | Affected | 10 Aug 2010 | 10 Sep 2010 |
| Wind River Systems, Inc. | Affected | 10 Aug 2010 | 11 Aug 2010 |
| | Not Affected | 10 Sep 2010 | 14 Sep 2010 |
| Juniper Networks, Inc. | Not Affected | 10 Aug 2010 | 23 Aug 2010 |
| Openwall GNU/*/Linux | Not Affected | 10 Aug 2010 | 23 Aug 2010 |
| Conectiva Inc. | Unknown | 10 Aug 2010 | 10 Aug 2010 |
| Cray Inc. | Unknown | 10 Aug 2010 | 10 Aug 2010 |
| DragonFly BSD Project | Unknown | 10 Aug 2010 | 10 Aug 2010 |
| EMC Corporation | Unknown | 10 Aug 2010 | 10 Aug 2010 |
This vulnerability was discovered being exploited in the wild. Additional analysis was performed by Braden Thomas of Apple Product Security.
This document was written by Will Dormann.
- CVE IDs: CVE-2010-1797
- Date Public: 02 Aug 2010
- Date First Published: 05 Aug 2010
- Date Last Updated: 14 Sep 2010
- Severity Metric: 13.39
- Document Revision: 29