VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 26, 2010· Updated Apr 29, 2026

CVE-2010-3814

CVE-2010-3814

Description

Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.

Affected products

33
  • FreeType/Freetype33 versions
    cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*+ 32 more
    • cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*range: <=2.4.3
    • cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.1.8:rc1:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:freetype:freetype:2.4.2:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

17

News mentions

0

No linked articles in our index yet.