Unrated severityNVD Advisory· Published Aug 19, 2010· Updated Apr 29, 2026

CVE-2010-2808

Description

Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.

Affected products

FreeType/Freetype
cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*
Range: <2.4.2
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <4.2
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <10.6.5
Apple Inc./tvOS
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Range: <4.1.0
Canonical (company)/Ubuntu Linux5 versions
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 4 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/nvdPatchThird Party Advisory
marc.infonvdMailing ListPatchThird Party Advisory
marc.infonvdMailing ListPatchThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
savannah.nongnu.org/bugs/nvdIssue TrackingPatchThird Party Advisory
freetype.sourceforge.net/index2.htmlnvdRelease NotesThird Party Advisory
lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlnvdMailing ListThird Party Advisory
lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlnvdMailing ListThird Party Advisory
secunia.com/advisories/40816nvdThird Party Advisory
secunia.com/advisories/40982nvdThird Party Advisory
secunia.com/advisories/42314nvdThird Party Advisory
secunia.com/advisories/42317nvdThird Party Advisory
sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/viewnvdProductThird Party Advisory
support.apple.com/kb/HT4456nvdThird Party Advisory
support.apple.com/kb/HT4457nvdThird Party Advisory
www.redhat.com/support/errata/RHSA-2010-0864.htmlnvdThird Party Advisory
www.securityfocus.com/bid/42285nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-972-1nvdThird Party Advisory
www.vupen.com/english/advisories/2010/2018nvdThird Party Advisory
www.vupen.com/english/advisories/2010/2106nvdThird Party Advisory
www.vupen.com/english/advisories/2010/3045nvdThird Party Advisory
www.vupen.com/english/advisories/2010/3046nvdThird Party Advisory
bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019nvdIssue TrackingRelease NotesThird Party Advisory
support.apple.com/kb/HT4435nvdBroken Link
rhn.redhat.com/errata/RHSA-2010-0737.htmlnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000