NVD

Id
15155  
Name
CVE-2010-3814  
Description
Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2010-11-26  
Modified Date
2012-12-18  
Seq
2010-3814  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
85031 15155 CVE-2010-3814 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221  View
85032 15155 CVE-2010-3814 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0edf0986f3be570f5bf90ff245a85c1675f5c9a4  View
85033 15155 CVE-2010-3814 APPLE-SA-2010-11-22-1  View
85034 15155 CVE-2010-3814 APPLE-SA-2011-03-21-1  View
85035 15155 CVE-2010-3814 http://security-tracker.debian.org/tracker/CVE-2010-3814  View
85036 15155 CVE-2010-3814 http://support.apple.com/kb/HT4456  View
85037 15155 CVE-2010-3814 http://support.apple.com/kb/HT4581  View
85038 15155 CVE-2010-3814 DSA-2155  View
85039 15155 CVE-2010-3814 MDVSA-2010:236  View
85040 15155 CVE-2010-3814 44643  View
85041 15155 CVE-2010-3814 1024767  View
85042 15155 CVE-2010-3814 USN-1013-1  View
85043 15155 CVE-2010-3814 ADV-2010-3046  View
85044 15155 CVE-2010-3814 ADV-2011-0246  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
36739 JVNDB-2010-002519 FreeType の ttinterp.c 内にある Ins_SHZ 関数におけるヒープベースのバッファオーバーフローの脆弱性 FreeType の ttinterp.c 内にある Ins_SHZ 関数には、TrueType の Opcode に関する処理に不備があるため、ヒープベースのバッファオーバーフローの脆弱性が存在します。 CVE-2010-3814 46394 CVE-2010-3814 15155 6.8 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002519.html 2010-11-26 2011-04-04 View