Vulnerability details: VCID-k7p1-yvg5-aaak
Vulnerability ID VCID-k7p1-yvg5-aaak
Aliases CVE-2010-3814
Summary Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.
Status Published
Exploitability 0.5
Weighted Severity 6.1
Risk 3.0
System Score Found at
generic_textual Low http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
epss 0.04414 https://api.first.org/data/v1/epss?cve=CVE-2010-3814
epss 0.05648 https://api.first.org/data/v1/epss?cve=CVE-2010-3814
epss 0.0646 https://api.first.org/data/v1/epss?cve=CVE-2010-3814
epss 0.12523 https://api.first.org/data/v1/epss?cve=CVE-2010-3814
epss 0.16031 https://api.first.org/data/v1/epss?cve=CVE-2010-3814
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2010-3814
generic_textual Low http://support.apple.com/kb/HT4456
Reference id Reference type URL
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0edf0986f3be570f5bf90ff245a85c1675f5c9a4
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
https://api.first.org/data/v1/epss?cve=CVE-2010-3814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3814
http://secunia.com/advisories/42314
http://secunia.com/advisories/43138
http://secunia.com/advisories/48951
http://security-tracker.debian.org/tracker/CVE-2010-3814
http://support.apple.com/kb/HT4456
http://support.apple.com/kb/HT4581
http://www.debian.org/security/2011/dsa-2155
http://www.mandriva.com/security/advisories?name=MDVSA-2010:236
http://www.securityfocus.com/bid/44643
http://www.securitytracker.com/id?1024767
http://www.ubuntu.com/usn/USN-1013-1
http://www.vupen.com/english/advisories/2010/3046
http://www.vupen.com/english/advisories/2011/0246
602221 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221
cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.8:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.8:rc1:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.4.2:*:*:*:*:*:*:*
CVE-2010-3814 https://nvd.nist.gov/vuln/detail/CVE-2010-3814
GLSA-201201-09 https://security.gentoo.org/glsa/201201-09
USN-1013-1 https://usn.ubuntu.com/1013-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2010-3814
Access Vector (AV) network
Access Complexity (AC) medium
Authentication (Au) none
Confidentiality Impact (C) partial
Integrity Impact (I) partial
Availability Impact (A) partial

Exploit Prediction Scoring System (EPSS)
Percentile 0.87975
EPSS Score 0.04414
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.