CVE-2010-1797 Information
Description
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
Reference
http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc
http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html
http://osvdb.org/66828
http://secunia.com/advisories/40807
http://secunia.com/advisories/40816
http://secunia.com/advisories/40982
http://secunia.com/advisories/48951
http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view
http://support.apple.com/kb/HT4291
http://support.apple.com/kb/HT4292
http://www.exploit-db.com/exploits/14538
http://www.f-secure.com/weblog/archives/00002002.html
http://www.securityfocus.com/bid/42151
http://www.ubuntu.com/usn/USN-972-1
http://www.vupen.com/english/advisories/2010/2018
http://www.vupen.com/english/advisories/2010/2106
https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019
https://bugzilla.redhat.com/show_bug.cgi?id=621144
https://exchange.xforce.ibmcloud.com/vulnerabilities/60856