Vulnerability details: VCID-x3ra-kw17-aaar
Vulnerability ID VCID-x3ra-kw17-aaar
Aliases CVE-2010-2519
Summary Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2010:0578
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2010-2519
epss 0.00633 https://api.first.org/data/v1/epss?cve=CVE-2010-2519
epss 0.00641 https://api.first.org/data/v1/epss?cve=CVE-2010-2519
epss 0.0452 https://api.first.org/data/v1/epss?cve=CVE-2010-2519
epss 0.05463 https://api.first.org/data/v1/epss?cve=CVE-2010-2519
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2010-2519
Reference id Reference type URL
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5ef20c8c1d4de12a84b50ba497c2a358c90ec44b
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b2ea64bcc6c385a8e8318f9c759450a07df58b6d
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html
http://marc.info/?l=oss-security&m=127905701201340&w=2
http://marc.info/?l=oss-security&m=127909326909362&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2519.json
https://api.first.org/data/v1/epss?cve=CVE-2010-2519
https://bugzilla.redhat.com/show_bug.cgi?id=613194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2519
http://secunia.com/advisories/48951
http://securitytracker.com/id?1024266
https://savannah.nongnu.org/bugs/?30306
http://support.apple.com/kb/HT4435
http://www.debian.org/security/2010/dsa-2070
http://www.mandriva.com/security/advisories?name=MDVSA-2010:137
http://www.redhat.com/support/errata/RHSA-2010-0578.html
http://www.ubuntu.com/usn/USN-963-1
cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
CVE-2010-2519 https://nvd.nist.gov/vuln/detail/CVE-2010-2519
GLSA-201201-09 https://security.gentoo.org/glsa/201201-09
RHSA-2010:0578 https://access.redhat.com/errata/RHSA-2010:0578
USN-963-1 https://usn.ubuntu.com/963-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2010-2519
Access Vector (AV) network
Access Complexity (AC) medium
Authentication (Au) none
Confidentiality Impact (C) partial
Integrity Impact (I) partial
Availability Impact (A) partial

Exploit Prediction Scoring System (EPSS)
Percentile 0.79248
EPSS Score 0.00611
Published At Nov. 21, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.