VDB
CVE-2010-2527
CVE-2010-2527
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
EPSS 2.33% · 85.1th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
2.33%
85.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| debian | debian_linux | 5.0 |
| freetype | freetype | 0 |
| canonical | ubuntu_linux | 8.04, 9.04, 10.04 |
| n/a | n/a | * |
Exploit Intelligence
- USN-963-1 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=614557 (circl)
- [freetype] 20100712 FreeType 2.4.0 has been released (circl)
- DSA-2070 (circl)
- http://git.savannah.gnu.org/cgit/freetype/freetype2-demos.git/commit/?id=b995299b73ba4cd259f221f500d4e63095508bec (circl)
- 1024266 (circl)
- [oss-security] 20100714 Re: Multiple bugs in freetype (circl)
- RHSA-2010:0578 (circl)
- RHSA-2010:0577 (circl)
- http://savannah.nongnu.org/bugs/?30054 (circl)
…and 1 more exploits
Timeline
- Aug 19, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 9, 2023 EPSS Score
- Feb 13, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- http://securitytracker.com/id?1024266 url
- USN-963-1 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=614557 url
- [freetype] 20100712 FreeType 2.4.0 has been released mailing-list
- DSA-2070 vendor-advisory
- http://git.savannah.gnu.org/cgit/freetype/freetype2-demos.git/commit/?id=b995299b73ba4cd259f221f500d4e63095508bec url
- [oss-security] 20100714 Re: Multiple bugs in freetype mailing-list
- RHSA-2010:0578 vendor-advisory
- RHSA-2010:0577 vendor-advisory
- http://savannah.nongnu.org/bugs/?30054 url
- 48951 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2010-2527 advisory