CVE-2010-3311

Publication date 28 September 2010

Last updated 24 July 2024

Ubuntu priority

Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

although provided patch is for freetype, the heap overflow is in libxft/xft. freetype 2.4.x not affected

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1013-1
FreeType vulnerabilities
4 November 2010

Other references

https://www.cve.org/CVERecord?id=CVE-2010-3311