CVE-2010-3444

Name of the Vulnerable Software and Affected Versions GNU FriBidi versions 0.19.1 through 0.19.2 PyFriBidi version 0.10.1

Description The issue is related to a buffer overflow in the log2vis utf8 function, which can be triggered by a crafted Arabic UTF-8 string. This string causes original 2-byte UTF-8 sequences to be transformed into 3-byte sequences, leading to a denial of service (crash) and potentially allowing the execution of arbitrary code.

Recommendations For GNU FriBidi versions 0.19.1 through 0.19.2, consider updating to a newer version that addresses this issue. For PyFriBidi version 0.10.1, consider updating to a newer version that addresses this issue. As a temporary workaround, consider restricting the input of Arabic UTF-8 strings to minimize the risk of exploitation.