Release Date | Aug 24, 2010 |
Severity | high |
Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
Description | This indicates an attack attempt against a buffer-overflow vulnerability in FreeType Compact Font Format (CFF). CFF is supported in some popular document formats including PDF. This vulnerability is being exploited to jailbreak vulnerable Apple devices. |
Affected Products | FreeType 2.4, FreeType 2.3.6, FreeType 2.3.5, FreeType 2.3.4, FreeType 2.3.3, FreeType 2.2.10, FreeType 2.2.1, FreeType 2.2, FreeType 2.1.10, FreeType 2.1.9, FreeType 2.1.7, FreeType 2.0.9, FreeType 2.0.6 |
Recommended Actions | Upgrade to the latest version, available from the following web site: http://www.freetype.org |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2010-1797 |
Reference/s | http://secunia.com/advisories/41648/ http://www.securityfocus.com/bid/42151 (BugTraq) http://www.exploit-db.com/exploits/14538/ |