Overview
FreeType 2 contains a vulnerability in the processing of CFF fonts, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description
FreeType is a font engine that can open and process font files. FreeType 2 includes the ability to handle a number of font types, including Compact Font Format (CFF). FreeType is used by a number of applications, including PDF readers, web browsers, and other applications. FreeType 2 contains a flaw in the handling of some CFF opcodes, which can result in stack corruption. This can allow arbitrary code execution. This vulnerability is being used in the iPhone PDF JailBreak exploit. |
Impact
By causing an application that uses FreeType to parse a specially-crafted CFF font, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. This can occur as the result of opening a PDF document or viewing a web page. |
Solution
Apply an update |
Vendor Information
Apple Inc. Affected
Notified: August 04, 2010 Updated: August 11, 2010
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
This issue is addressed in iOS 4.0.2 and iOS 3.2.2.
Vendor References
Addendum
We have confirmed that Safari 3.x on Windows is vulnerable, as it uses FreeType. Newer versions are not affected.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Debian GNU/Linux Affected
Notified: August 10, 2010 Updated: August 11, 2010
Statement Date: August 11, 2010
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
F5 Networks, Inc. Affected
Notified: August 10, 2010 Updated: August 11, 2010
Statement Date: August 10, 2010
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
BIG-IP includes FreeType 2.2.1, however it is not allowed to generate graphs from arbitrary font files or documents. Therefore it is not vulnerable to remote attack.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Foxit Software Company Affected
Notified: August 06, 2010 Updated: August 06, 2010
Statement Date: August 06, 2010
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Addendum
Foxit Software has released version 4.1.1.0805 to address this vulnerability. More information can be found at:
http://www.foxitsoftware.com/pdf/reader/security_bulletins.php#iphone
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Gentoo Linux Affected
Notified: August 10, 2010 Updated: August 11, 2010
Statement Date: August 10, 2010
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Red Hat, Inc. Affected
Updated: August 05, 2010
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
SUSE Linux Affected
Notified: August 10, 2010 Updated: September 10, 2010
Statement Date: September 08, 2010
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Wind River Systems, Inc. Affected
Notified: August 10, 2010 Updated: August 11, 2010
Statement Date: August 11, 2010
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Google Not Affected
Notified: September 10, 2010 Updated: September 14, 2010
Statement Date: September 14, 2010
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Juniper Networks, Inc. Not Affected
Notified: August 10, 2010 Updated: August 23, 2010
Statement Date: August 19, 2010
Status
Not Affected
Vendor Statement
Juniper Networks products are not susceptible to this vulnerability
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Openwall GNU/*/Linux Not Affected
Notified: August 10, 2010 Updated: August 23, 2010
Statement Date: August 13, 2010
Status
Not Affected
Vendor Statement
We're not shipping FreeType 2 in any product.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Conectiva Inc. Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Cray Inc. Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
DragonFly BSD Project Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
EMC Corporation Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Engarde Secure Linux Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Fedora Project Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
FreeBSD Project Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Fujitsu Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Hewlett-Packard Company Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Hitachi Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
IBM Corporation Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
IBM Corporation (zseries) Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
IBM eServer Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Infoblox Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Mandriva S. A. Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Microsoft Corporation Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
MontaVista Software, Inc. Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NEC Corporation Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NetBSD Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Nokia Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Novell, Inc. Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
QNX Software Systems Inc. Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
SafeNet Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Silicon Graphics, Inc. Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Slackware Linux Inc. Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sony Corporation Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sun Microsystems, Inc. Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
The SCO Group Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Turbolinux Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Ubuntu Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Unisys Unknown
Notified: August 10, 2010 Updated: August 10, 2010
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.securityfocus.com/bid/42241
- http://secunia.com/advisories/40816
- http://securitytracker.com/alerts/2010/Aug/1024283.html
- https://rhn.redhat.com/errata/RHSA-2010-0607.html
- http://support.apple.com/kb/HT4291
- http://support.apple.com/kb/HT4292
- http://www.f-secure.com/weblog/archives/00002002.html
- http://www.foxitsoftware.com/pdf/reader/security_bulletins.php#iphone
Acknowledgements
This vulnerability was discovered being exploited in the wild. Additional analysis was performed by Braden Thomas of Apple Product Security.
This document was written by Will Dormann.
Other Information
| CVE IDs: | CVE-2010-1797 |
| Severity Metric: | 13.39 |
| Date Public: | 2010-08-02 |
| Date First Published: | 2010-08-05 |
| Date Last Updated: | 2010-09-14 10:17 UTC |
| Document Revision: | 30 |