CVE-2010-3311

Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.

Published: Jan 8, 2011
Updated: Apr 13, 2023
CVE: CVE-2010-3311
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-189

Affected Software
References

Software	From	Fixed in
freetype / freetype	2.3.6	2.3.6.x
freetype / freetype	2.1.9	2.1.9.x
freetype / freetype	2.1.10	2.1.10.x
freetype / freetype	2.3.4	2.3.4.x
freetype / freetype	2.3.5	2.3.5.x
freetype / freetype	2.1	2.1.x
freetype / freetype	2.1.5	2.1.5.x
freetype / freetype	2.3.10	2.3.10.x
freetype / freetype	-	2.3.12.x
freetype / freetype	1.3.1	1.3.1.x
freetype / freetype	2.1.8	2.1.8.x
freetype / freetype	2.2.10	2.2.10.x
freetype / freetype	2.2.1	2.2.1.x
freetype / freetype	2.1.3	2.1.3.x
freetype / freetype	2.3.3	2.3.3.x
freetype / freetype	2.1.6	2.1.6.x
freetype / freetype	2.3.0	2.3.0.x
freetype / freetype	2.3.1	2.3.1.x
freetype / freetype	2.0.9	2.0.9.x
freetype / freetype	2.1.8-rc1	2.1.8-rc1.x
freetype / freetype	2.3.7	2.3.7.x
freetype / freetype	2.0.6	2.0.6.x
freetype / freetype	2.3.8	2.3.8.x
freetype / freetype	2.3.11	2.3.11.x
freetype / freetype	2.3.2	2.3.2.x
freetype / freetype	2.3.9	2.3.9.x
freetype / freetype	2.1.7	2.1.7.x
freetype / freetype	2.1.4	2.1.4.x
freetype / freetype	2.2.0	2.2.0.x

Vulnerability Database

289,599

CVE-2010-3311