Integer Underflow (Wrap or Wraparound)

CVE-2010-2497

Medium

6.8/10

Summary

Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-191 - Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References

Advisory Timeline

Published Aug 19, 2010

Integer Underflow (Wrap or Wraparound)

CVE-2010-2497

Summary

CWE-191 - Integer Underflow (Wrap or Wraparound)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS