CVE-2010-3311 (retired)

Integer overflow in base/ftstream.c in libXft (aka the X FreeType library)
in FreeType before 2.4 allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
Compact Font Format (CFF) font file that triggers a heap-based buffer
overflow, related to an "input stream position error" issue, a different
vulnerability than CVE-2010-1797.
 mdeslaur> although provided patch is for freetype, the heap overflow is in
 mdeslaur> libxft/xft.
 mdeslaur> freetype 2.4.x not affected
Upstream:released (2.4.0)
More Information

Updated: 2019-09-19 15:33:04 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)