CVE-2010-3814
freetype - several
EPSS 5.6%
Description
Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.
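The description names the bug class but not the mechanics. SHZ ("shift zone") moves every point of the zone referenced by zp2 by the same displacement, so the instruction is essentially a loop over a heap-allocated point array whose upper bound is derived from data in the font. The following is an added, simplified model of that pattern, written for this page; it is not FreeType's `Ins_SHZ` code and does not reproduce the exact bounds computation that was wrong in 2.4.3. The zone layout, the `shz_unchecked`/`shz_checked` names, the constructed "heap" array and the victim object are all assumptions made for illustration. It shows a font-controlled `limit` walking past the zone's point array into the neighbouring object, beside a version that rejects the out-of-range reference before touching memory.

```c
/* Illustrative model of the CVE-2010-3814 bug class (NOT FreeType's code).
 * A TrueType zone holds n_points outline points on the heap.  SHZ shifts
 * every point of the zone by a displacement (dx, dy).  If the loop's upper
 * bound comes from font-controlled data (e.g. a contour end index) and is
 * never compared with n_points, a crafted font makes the loop write past
 * the zone's point array into whatever heap object follows it. */
#include <stdio.h>
#include <string.h>

typedef long F26Dot6;                   /* 26.6 fixed point, as in TrueType */

typedef struct { F26Dot6 x, y; } Vector;

/* A zone: points live in a caller-owned buffer of n_points entries. */
typedef struct {
    Vector  *cur;       /* current (hinted) coordinates */
    unsigned n_points;  /* allocation size of cur[]     */
} Zone;

/* Constructed "heap" (assumption for the demo): zone points occupy slots
 * 0..ZONE_POINTS-1, a neighbouring victim object occupies the slots after. */
#define ZONE_POINTS 4
#define HEAP_SLOTS  8
static Vector heap_model[HEAP_SLOTS];
#define VICTIM (heap_model + ZONE_POINTS)

/* Vulnerable SHZ model: trusts `limit' (last point index to move), which is
 * derived from data in the font, and never compares it with n_points. */
static void shz_unchecked(Zone *z, unsigned limit, F26Dot6 dx, F26Dot6 dy)
{
    unsigned i;
    for (i = 0; i <= limit; i++) {      /* limit >= n_points => heap overflow */
        z->cur[i].x += dx;
        z->cur[i].y += dy;
    }
}

/* Hardened SHZ model: reject any limit outside the zone before touching
 * memory.  Returns 0 on success, -1 for an out-of-range reference (the
 * interpreter's "invalid reference" error rather than a silent clamp). */
static int shz_checked(Zone *z, unsigned limit, F26Dot6 dx, F26Dot6 dy)
{
    unsigned i;
    if (z->n_points == 0 || limit >= z->n_points)
        return -1;
    for (i = 0; i <= limit; i++) {
        z->cur[i].x += dx;
        z->cur[i].y += dy;
    }
    return 0;
}

/* Reset the model heap: zone points zeroed, victim object filled with 0x41. */
static void reset_heap(Zone *z)
{
    unsigned i;
    memset(heap_model, 0, sizeof heap_model);
    for (i = 0; i < HEAP_SLOTS - ZONE_POINTS; i++)
        VICTIM[i].x = VICTIM[i].y = 0x41;
    z->cur = heap_model;
    z->n_points = ZONE_POINTS;
}

/* Returns 1 if the victim object still has its original contents. */
static int victim_intact(void)
{
    unsigned i;
    for (i = 0; i < HEAP_SLOTS - ZONE_POINTS; i++)
        if (VICTIM[i].x != 0x41 || VICTIM[i].y != 0x41)
            return 0;
    return 1;
}

/* Run a crafted instruction (limit = 6 while the zone has 4 points) through
 * both versions.  Returns 1 iff the unchecked loop corrupts the neighbour
 * and the checked one refuses the reference and leaves it intact. */
int demo(void)
{
    Zone z;
    int corrupted, rejected, intact;

    reset_heap(&z);
    shz_unchecked(&z, 6, 64, 0);        /* shift by one pixel (64 units) */
    corrupted = !victim_intact();

    reset_heap(&z);
    rejected = shz_checked(&z, 6, 64, 0) == -1;
    intact = victim_intact();

    return corrupted && rejected && intact;
}

int main(void)
{
    printf("unchecked corrupts neighbour, checked rejects: %s\n",
           demo() ? "yes" : "no");
    return 0;
}
```

The model keeps both "objects" inside one array so the corruption is deterministic and observable; in a real process the neighbouring allocation is whatever the allocator placed after the zone's point buffer, which is what turns a crash into a code-execution primitive. The check in `shz_checked` is the shape of the fix to look for when auditing any bytecode interpreter: validate every font-derived index against the size of the buffer it indexes, before the loop rather than inside it.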
How to fix CVE-2010-3814
To remediate CVE-2010-3814, upgrade the affected package to the fixed version for your Debian release (or to FreeType 2.4.4 or later when building from upstream source). Upgrading the library only protects processes started after the upgrade, so restart long-running font consumers (browsers, PDF viewers, the X server, desktop sessions) so they load the fixed freetype.
- Debian/freetype (Debian 6.0 squeeze): upgrade to 2.4.2-2.1 or later
- Debian/freetype (Debian 5.0 lenny): upgrade to 2.3.7-2+lenny5 or later
Is CVE-2010-3814 being exploited?
Moderate: EPSS is 5.6%. EPSS is a modelled probability that the CVE will see exploitation activity in the next 30 days, not a report that it has been exploited. Track this CVE rather than escalating it, but note that a working trigger is known (the description cites a PDF with a crafted embedded font), so hosts that render fonts from untrusted documents should not defer the upgrade.
Affected packages (2)
- Debian/freetype: from 0, < 2.4.2-2.1
- Debian/freetype: from 0, < 2.3.7-2+lenny5