CVE-2010-2498 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2010-2498 Interim 1 17 2024-07-27T01:43:38Z current 2021-05-30T12:52:27Z 2024-07-27T01:43:38Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2010-2498 The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FSXFHANA6PYQY7T3E6HMSFOOW3UB6V2I/#FSXFHANA6PYQY7T3E6HMSFOOW3UB6V2I E-Mail link for SUSE-SR:2010:016 https://lists.suse.com/pipermail/sle-security-updates/2012-April/000094.html E-Mail link for SUSE-SU-2012:0553-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Linux Enterprise Server for SAP Applications 11 firefox-freetype2 freetype2-2.3.7-25.11.1 freetype2-32bit-2.3.7-25.11.1 freetype2-x86-2.3.7-25.11.1 freetype2-2.3.7-25.11.1 as a component of SUSE Linux Enterprise Server 11 freetype2-32bit-2.3.7-25.11.1 as a component of SUSE Linux Enterprise Server 11 freetype2-x86-2.3.7-25.11.1 as a component of SUSE Linux Enterprise Server 11 freetype2-2.3.7-25.11.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA freetype2-32bit-2.3.7-25.11.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA freetype2-2.3.7-25.11.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 freetype2-32bit-2.3.7-25.11.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 freetype2-x86-2.3.7-25.11.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 firefox-freetype2 as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata firefox-freetype2 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. CVE-2010-2498 SUSE Linux Enterprise Server 11:freetype2-2.3.7-25.11.1 SUSE Linux Enterprise Server 11:freetype2-32bit-2.3.7-25.11.1 SUSE Linux Enterprise Server 11:freetype2-x86-2.3.7-25.11.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:freetype2-2.3.7-25.11.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:freetype2-32bit-2.3.7-25.11.1 SUSE Linux Enterprise Server for SAP Applications 11:freetype2-2.3.7-25.11.1 SUSE Linux Enterprise Server for SAP Applications 11:freetype2-32bit-2.3.7-25.11.1 SUSE Linux Enterprise Server for SAP Applications 11:freetype2-x86-2.3.7-25.11.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P