Vulnerability details: VCID-rzyx-n4bm-aaam
Vulnerability ID VCID-rzyx-n4bm-aaam
Aliases CVE-2010-3855
Summary Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2010:0889
epss 0.03357 https://api.first.org/data/v1/epss?cve=CVE-2010-3855
epss 0.04314 https://api.first.org/data/v1/epss?cve=CVE-2010-3855
epss 0.0449 https://api.first.org/data/v1/epss?cve=CVE-2010-3855
epss 0.07756 https://api.first.org/data/v1/epss?cve=CVE-2010-3855
epss 0.0831 https://api.first.org/data/v1/epss?cve=CVE-2010-3855
epss 0.17434 https://api.first.org/data/v1/epss?cve=CVE-2010-3855
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=645275
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2010-3855
Reference id Reference type URL
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=59eb9f8cfe7d1df379a2318316d1f04f80fba54a
http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html
http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050965.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051231.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051251.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3855.json
https://api.first.org/data/v1/epss?cve=CVE-2010-3855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3855
http://secunia.com/advisories/42289
http://secunia.com/advisories/42295
http://secunia.com/advisories/43138
http://secunia.com/advisories/48951
https://savannah.nongnu.org/bugs/?31310
http://support.apple.com/kb/HT4564
http://support.apple.com/kb/HT4565
http://support.apple.com/kb/HT4581
http://support.apple.com/kb/HT4802
http://support.apple.com/kb/HT4803
http://support.avaya.com/css/P8/documents/100122733
http://www.debian.org/security/2011/dsa-2155
http://www.mandriva.com/security/advisories?name=MDVSA-2010:235
http://www.mandriva.com/security/advisories?name=MDVSA-2010:236
http://www.redhat.com/support/errata/RHSA-2010-0889.html
http://www.securityfocus.com/bid/44214
http://www.securitytracker.com/id?1024745
http://www.ubuntu.com/usn/USN-1013-1
http://www.vupen.com/english/advisories/2010/3037
http://www.vupen.com/english/advisories/2011/0246
602221 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221
645275 https://bugzilla.redhat.com/show_bug.cgi?id=645275
cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.4.2:*:*:*:*:*:*:*
CVE-2010-3855 https://nvd.nist.gov/vuln/detail/CVE-2010-3855
GLSA-201201-09 https://security.gentoo.org/glsa/201201-09
RHSA-2010:0889 https://access.redhat.com/errata/RHSA-2010:0889
USN-1013-1 https://usn.ubuntu.com/1013-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2010-3855
Exploit Prediction Scoring System (EPSS)
Percentile 0.86674
EPSS Score 0.03357
Published At May 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.