Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2010-3814

Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.

  • Published: Nov 26, 2010
  • Updated: Apr 13, 2023
  • CVE: CVE-2010-3814
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
freetype / freetype 2.4.0 2.4.0.x
freetype / freetype 2.4.2 2.4.2.x
freetype / freetype 2.3.6 2.3.6.x
freetype / freetype 2.1.9 2.1.9.x
freetype / freetype 2.1.10 2.1.10.x
freetype / freetype 2.3.4 2.3.4.x
freetype / freetype 2.3.5 2.3.5.x
freetype / freetype 2.1 2.1.x
freetype / freetype 2.1.5 2.1.5.x
freetype / freetype 2.3.10 2.3.10.x
freetype / freetype 1.3.1 1.3.1.x
freetype / freetype 2.1.8 2.1.8.x
freetype / freetype 2.2.10 2.2.10.x
freetype / freetype 2.2.1 2.2.1.x
freetype / freetype 2.1.3 2.1.3.x
freetype / freetype 2.3.3 2.3.3.x
freetype / freetype 2.1.6 2.1.6.x
freetype / freetype 2.3.0 2.3.0.x
freetype / freetype 2.3.1 2.3.1.x
freetype / freetype - 2.4.3.x
freetype / freetype 2.4.1 2.4.1.x
freetype / freetype 2.0.9 2.0.9.x
freetype / freetype 2.1.8-rc1 2.1.8-rc1.x
freetype / freetype 2.3.7 2.3.7.x
freetype / freetype 2.0.6 2.0.6.x
freetype / freetype 2.3.8 2.3.8.x
freetype / freetype 2.3.11 2.3.11.x
freetype / freetype 2.3.2 2.3.2.x
freetype / freetype 2.3.12 2.3.12.x
freetype / freetype 2.3.9 2.3.9.x
freetype / freetype 2.1.7 2.1.7.x
freetype / freetype 2.1.4 2.1.4.x
freetype / freetype 2.2.0 2.2.0.x