CVE 2010-2806
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.
Related bugs and status
CVE-2010-2806 (Candidate) is related to these bugs:
Bug #617019: FreeType security fixes in 2.4.2
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 617019 | FreeType security fixes in 2.4.2 | freetype (Ubuntu) | Undecided | Fix Released | ||
| 617019 | FreeType security fixes in 2.4.2 | freetype (Ubuntu Hardy) | Undecided | Fix Released | ||
| 617019 | FreeType security fixes in 2.4.2 | freetype (Ubuntu Karmic) | Undecided | Fix Released | ||
| 617019 | FreeType security fixes in 2.4.2 | freetype (Ubuntu Jaunty) | Undecided | Fix Released | ||
| 617019 | FreeType security fixes in 2.4.2 | freetype (Ubuntu Maverick) | Undecided | Fix Released | ||
| 617019 | FreeType security fixes in 2.4.2 | freetype (Ubuntu Dapper) | Undecided | Fix Released | ||
| 617019 | FreeType security fixes in 2.4.2 | freetype (Ubuntu Lucid) | Undecided | Fix Released | ||
Bug #700198: CVE-2009-0793
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 700198 | CVE-2009-0793 | lcms (Ubuntu) | Undecided | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6 (Ubuntu) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6b18 (Ubuntu) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | gimp (Ubuntu) | Undecided | Invalid | ||
| 700198 | CVE-2009-0793 | ia32-libs (Ubuntu) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | gimp (Ubuntu Hardy) | Undecided | Invalid | ||
| 700198 | CVE-2009-0793 | ia32-libs (Ubuntu Hardy) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | lcms (Ubuntu Hardy) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6 (Ubuntu Hardy) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6b18 (Ubuntu Hardy) | Undecided | Invalid | ||
| 700198 | CVE-2009-0793 | gimp (Ubuntu Karmic) | Undecided | Invalid | ||
| 700198 | CVE-2009-0793 | ia32-libs (Ubuntu Karmic) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | lcms (Ubuntu Karmic) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6 (Ubuntu Karmic) | Undecided | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6b18 (Ubuntu Karmic) | Undecided | Invalid | ||
| 700198 | CVE-2009-0793 | gimp (Ubuntu Lucid) | Undecided | Invalid | ||
| 700198 | CVE-2009-0793 | ia32-libs (Ubuntu Lucid) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | lcms (Ubuntu Lucid) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6 (Ubuntu Lucid) | Undecided | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6b18 (Ubuntu Lucid) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | gimp (Ubuntu Maverick) | Undecided | Invalid | ||
| 700198 | CVE-2009-0793 | ia32-libs (Ubuntu Maverick) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | lcms (Ubuntu Maverick) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6 (Ubuntu Maverick) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6b18 (Ubuntu Maverick) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | gimp (Ubuntu Natty) | Undecided | Invalid | ||
| 700198 | CVE-2009-0793 | ia32-libs (Ubuntu Natty) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | lcms (Ubuntu Natty) | Undecided | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6 (Ubuntu Natty) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6b18 (Ubuntu Natty) | Low | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
