CVE-2010-1797

Priority
Medium
Description
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings
function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in
FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and
iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute
arbitrary code or cause a denial of service (memory corruption) via crafted
CFF opcodes in embedded fonts in a PDF document, as demonstrated by
JailbreakMe. NOTE: some of these details are obtained from third party
information.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream: released (2.4.2)
Ubuntu 8.04 LTS (Hardy Heron): released (2.3.5-1ubuntu4.8.04.4)
Ubuntu 10.04 LTS (Lucid Lynx): released (2.3.11-1ubuntu2.2)
Patches:
Upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc (need to check)
More Information


Updated: 2012-06-01 15:21:00 UTC (commit 5347)