Candidate: CVE-2010-2497
PublicDate: 2010-08-19 18:00:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2497
Description:
 Integer underflow in glyph handling in FreeType before 2.4.0 allows remote
 attackers to cause a denial of service (application crash) or possibly
 execute arbitrary code via a crafted font file.
Ubuntu-Description: 
Notes: 
 mdeslaur> code not present in lucid and earlier
Bugs: 
 http://savannah.nongnu.org/bugs/index.php?30082
 http://savannah.nongnu.org/bugs/index.php?30083
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_freetype:
 upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7d3d2cc4fef72c6be9c454b3809c387e12b44cfc
 upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7d3d2cc4fef72c6be9c454b3809c387e12b44cfc
upstream_freetype: released (2.4.0)
dapper_freetype: not-affected (code not present)
hardy_freetype: not-affected (code not present)
jaunty_freetype: not-affected (code not present)
karmic_freetype: not-affected (code not present)
lucid_freetype: not-affected (code not present)
devel_freetype: not-affected (2.4.0-2)