DEBIAN-CVE-2010-1797

DEBIAN-CVE-2010-1797 PUBLISHED CVSS 9.300000190734863 CRITICAL

Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:14	freetype	0, 0, 0
Debian:11	freetype	0, 0, 0
Debian:13	freetype	0, 0, 0
Debian:12	freetype	0, 0, 0

Timeline

Aug 16, 2010 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2010-1797 advisory

Open in Interactive Console →