CVE-2010-2499

Name of the Vulnerable Software and Affected Versions FreeType versions prior to 2.4.8 FreeType versions prior to 2.4.0

Description The issue concerns multiple vulnerabilities in the FreeType package, which can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. A buffer overflow in the Mac Read POST Resource function in base/ftobjs.c allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment.

Recommendations For FreeType versions prior to 2.4.8, update to version 2.4.8 or later to resolve the issue. For FreeType versions prior to 2.4.0, update to version 2.4.0 or later to address the buffer overflow vulnerability in the Mac Read POST Resource function. As a temporary workaround, consider restricting the use of crafted LaserWriter PS font files to minimize the risk of exploitation.