CVE-2010-2806

Name of the Vulnerable Software and Affected Versions freetype versions prior to 2.4.8 freetype version 2.1.4

Description The issue concerns multiple vulnerabilities in the freetype package, which can lead to a violation of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially causing a denial of service or allowing the execution of arbitrary code. The vulnerabilities are related to an array index error in the t42 parse sfnts function, which can be triggered by negative size values for certain strings in FontType42 font files, resulting in a heap-based buffer overflow.

Recommendations For freetype versions prior to 2.4.8, update to version 2.4.8 or later to resolve the issue. For freetype version 2.1.4, consider disabling the use of FontType42 font files or restricting access to the t42 parse sfnts function until a patch is available. As a temporary workaround, consider implementing additional security measures to prevent remote exploitation of the vulnerabilities.