CVE-2010-2498

Name of the Vulnerable Software and Affected Versions freetype versions prior to 2.4.8 freetype versions prior to 2.4.0

Description The issue concerns multiple vulnerabilities in the freetype package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, the psh glyph find strong points function in pshinter/pshalgo.c does not properly implement hinting masks, allowing remote attackers to cause a denial of service, such as heap memory corruption and application crash, or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.

Recommendations For versions prior to 2.4.0, consider updating to version 2.4.0 or later to address the issue with the psh glyph find strong points function. For versions prior to 2.4.8, update to version 2.4.8 or later to resolve the multiple vulnerabilities in the freetype package. As a temporary workaround, consider restricting the use of crafted font files to minimize the risk of exploitation.