{"vuid":"VU#275247","idnumber":"275247","name":"FreeType 2 CFF font stack corruption vulnerability","keywords":["Apple","iOS","Security Bypass","PDF","File Processing","freetype","jailbreak"],"overview":"FreeType 2 contains a vulnerability in the processing of CFF fonts, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.","clean_desc":"FreeType is a font engine that can open and process font files. FreeType 2 includes the ability to handle a number of font types, including Compact Font Format (CFF). FreeType is used by a number of applications, including PDF readers, web browsers, and other applications. FreeType 2 contains a flaw in the handling of some CFF opcodes, which can result in stack corruption. This can allow arbitrary code execution. This vulnerability is being used in the iPhone PDF JailBreak exploit.","impact":"By causing an application that uses FreeType to parse a specially-crafted CFF font, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. This can occur as the result of opening a PDF document or viewing a web page.","resolution":"Apply an update\nThis vulnerability is fixed in the FreeType source tree. Please check with your vendor for an update.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered being exploited in the wild. Additional analysis was performed by Braden Thomas of Apple Product Security.","author":"This document was written by Will Dormann.","public":["http://www.securityfocus.com/bid/42241","http://secunia.com/advisories/40816","http://securitytracker.com/alerts/2010/Aug/1024283.html","https://rhn.redhat.com/errata/RHSA-2010-0607.html","http://support.apple.com/kb/HT4291","http://support.apple.com/kb/HT4292","http://www.f-secure.com/weblog/archives/00002002.html","http://www.foxitsoftware.com/pdf/reader/security_bulletins.php#iphone"],"cveids":["CVE-2010-1797"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2010-08-03T17:22:22Z","publicdate":"2010-08-02T00:00:00Z","datefirstpublished":"2010-08-05T20:51:53Z","dateupdated":"2010-09-14T10:17:33Z","revision":30,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"2","cam_widelyknown":"17","cam_exploitation":"15","cam_internetinfrastructure":"10","cam_population":"10","cam_impact":"17","cam_easeofexploitation":"5","cam_attackeraccessrequired":"20","cam_scorecurrent":"13.3875","cam_scorecurrentwidelyknown":"14.34375","cam_scorecurrentwidelyknownexploited":"15.9375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":13.3875,"vulnote":null}