CVE-2010-2519

Name of the Vulnerable Software and Affected Versions FreeType versions prior to 2.4.0 FreeType versions prior to 2.4.8

Description The issue is related to a heap-based buffer overflow in the Mac Read POST Resource function in base/ftobjs.c, which can be triggered by a crafted length value in a POST fragment header in a font file. This can cause a denial of service, such as an application crash, or possibly allow the execution of arbitrary code. The vulnerability can be exploited remotely.

Recommendations For versions prior to 2.4.0, update to version 2.4.0 or later. For versions prior to 2.4.8, update to version 2.4.8 or later. As a temporary workaround, consider restricting access to font files or disabling the Mac Read POST Resource function until a patch is available.