CVE-2010-2497

Name of the Vulnerable Software and Affected Versions FreeType versions prior to 2.4.0 FreeType versions prior to 2.4.8

Description The issue is related to an integer underflow in glyph handling, which can be exploited by remote attackers using a crafted font file. This can lead to a denial of service, causing the application to crash, or possibly allow the execution of arbitrary code. The vulnerability can be exploited remotely and may compromise the confidentiality, integrity, and availability of protected information.

Recommendations For FreeType versions prior to 2.4.0, update to version 2.4.0 or later. For FreeType versions prior to 2.4.8, update to version 2.4.8 or later. As a temporary workaround, consider restricting the use of crafted font files until a patch is available.