Cisco Bug: CSCuj54624 - PCA: Numerous FreeType Vuls on Prime Collaboration for Assurance

Last Modified

Jan 30, 2020

Products (2)

  • Cisco Prime Collaboration
  • Cisco Prime Collaboration 10.5

Known Affected Releases

10.5

Description (partial)

Symptoms:
Cisco Prime Collaboration Manager includes a version of FreeType that is affected by the vulnerabilities
identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2010-1797: Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF
Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on
the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or
cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as
demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information. This has
been classified by the vendor as having a CVSSv2 score of 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2010-2498: The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does
not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory
corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an
invalid free operation. This has been classified by the vendor as having a CVSSv2 score of 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2010-2499: Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before
2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary
code via a crafted LaserWriter PS font file with an embedded PFB fragment. This has been classified by the
vendor as having a CVSSv2 score of 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2010-2500: Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0
allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code
via a crafted font file. This has been classified by the vendor as having a CVSSv2 score of 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2010-2519: Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType
before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted length value in a POST fragment header in a font file. This has been classified
by the vendor as having a CVSSv2 score of 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2010-2527: Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to
cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. This
has been classified by the vendor as having a CVSSv2 score of 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2010-2541: Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote
attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted
font file. This has been classified by the vendor as having a CVSSv2 score of 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2010-2806: Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2
allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code
via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer
overflow. This has been classified by the vendor as having a CVSSv2 score of 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2010-2808: Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before
2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or
possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. This has been
classified by the vendor as having a CVSSv2 score of 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2010-3054: Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote
attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka
seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c. This has been classified by the
vendor as having a CVSSv2 score of 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE-2010-3311: Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before
2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary
code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to
an "input stream position error" issue, a different vulnerability than CVE-2010-1797. This has been classified
by the vendor as having a CVSSv2 score of 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2010-3855: Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3
and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted TrueType GX font. This has been classified by the vendor as having a CVSSv2 score
of 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2011-3256: FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise
Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226. This has been
classified by the vendor as having a CVSSv2 score of 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2011-3439: FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted font in a document. This has been
classified by the vendor as having a CVSSv2 score of 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2012-1126: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products,
allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via crafted property data in a BDF font. This has been classified by the
vendor as having a CVSSv2 score of 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-2012-1127: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products,
allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. This has been classified by
the vendor as having a CVSSv2 score of 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2012-1130: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products,
allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via crafted property data in a PCF font. This has been classified by the
vendor as having a CVSSv2 score of 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2012-1131: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on
64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory
corruption) or possibly execute arbitrary code via vectors related to the cell table of a font. This has been
classified by the vendor as having a CVSSv2 score of 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2012-1132: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products,
allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via crafted dictionary data in a Type 1 font. This has been classified by the
vendor as having a CVSSv2 score of 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2012-1134: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products,
allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or
possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font. This has been classified
by the vendor as having a CVSSv2 score of 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2012-1136: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products,
allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or
possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING
field. This has been classified by the vendor as having a CVSSv2 score of 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2012-1137: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products,
allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via a crafted header in a BDF font. This has been classified by the vendor as
having a CVSSv2 score of 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2012-1139: Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and
other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory
corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font. This has been classified
by the vendor as having a CVSSv2 score of 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2012-1140: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products,
allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via a crafted PostScript font object. This has been classified by the vendor
as having a CVSSv2 score of 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2012-1141: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products,
allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via a crafted ASCII string in a BDF font. This has been classified by the
vendor as having a CVSSv2 score of 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2012-1142: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products,
allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or
possibly execute arbitrary code via crafted glyph-outline data in a font. This has been classified by the
vendor as having a CVSSv2 score of 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2012-1143: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products,
allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font. This has been
classified by the vendor as having a CVSSv2 score of 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2012-1144: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products,
allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or
possibly execute arbitrary code via a crafted TrueType font. This has been classified by the vendor as having
a CVSSv2 score of 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE-2012-5669: The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to
cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an
incorrect calculation that triggers an out-of-bounds read. This has been classified by the vendor as having a
CVSSv2 score of 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

This bug was opened to address the potential impact on this product.

Conditions:
Device running a version of the software prior to this fix.