CVE-2010-1797

N/A Unknown

Published: August 16, 2010 Modified: April 29, 2026

Description

Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2

Source: product-security@apple.com

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50

Source: product-security@apple.com

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc

Source: product-security@apple.com

http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html

Source: product-security@apple.com

http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html

Source: product-security@apple.com

Vendor Advisory

http://osvdb.org/66828

Source: product-security@apple.com

http://secunia.com/advisories/40807

Source: product-security@apple.com

Vendor Advisory

http://secunia.com/advisories/40816

Source: product-security@apple.com

Vendor Advisory

http://secunia.com/advisories/40982

Source: product-security@apple.com

Vendor Advisory

http://secunia.com/advisories/48951

Source: product-security@apple.com

http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view

Source: product-security@apple.com

http://support.apple.com/kb/HT4291

Source: product-security@apple.com

Vendor Advisory

http://support.apple.com/kb/HT4292

Source: product-security@apple.com

Vendor Advisory

http://www.exploit-db.com/exploits/14538

Source: product-security@apple.com

Exploit

http://www.f-secure.com/weblog/archives/00002002.html

Source: product-security@apple.com

http://www.securityfocus.com/bid/42151

Source: product-security@apple.com

Exploit

http://www.ubuntu.com/usn/USN-972-1

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2010/2018

Source: product-security@apple.com

Vendor Advisory

http://www.vupen.com/english/advisories/2010/2106

Source: product-security@apple.com

Vendor Advisory

https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019

Source: product-security@apple.com

https://bugzilla.redhat.com/show_bug.cgi?id=621144

Source: product-security@apple.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/60856

Source: product-security@apple.com

http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2

Source: af854a3a-2127-422b-91ae-364da2661108

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50

Source: af854a3a-2127-422b-91ae-364da2661108

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://osvdb.org/66828

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/40807

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/40816

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/40982

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/48951

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4291

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.apple.com/kb/HT4292

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.exploit-db.com/exploits/14538

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.f-secure.com/weblog/archives/00002002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/42151

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.ubuntu.com/usn/USN-972-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/2018

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2010/2106

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=621144

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/60856

Source: af854a3a-2127-422b-91ae-364da2661108

44 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

30.7%

98th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-119

Affected Vendors

apple

Related CVEs

CVE-2026-8662 3.3

CVE-2026-8658 6.0

CVE-2026-8666 7.7

CVE-2026-8665 7.7

CVE-2026-8664 6.0