製品・ソフトウェアに関する情報

JVN脆弱性詳細

FreeType の ttinterp.c 内にある Ins_SHZ 関数におけるヒープベースのバッファオーバーフローの脆弱性

Title	FreeType の ttinterp.c 内にある Ins_SHZ 関数におけるヒープベースのバッファオーバーフローの脆弱性
Summary	FreeType の ttinterp.c 内にある Ins_SHZ 関数には、TrueType の Opcode に関する処理に不備があるため、ヒープベースのバッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者により、巧妙に細工された SHZ バイトコード命令を介して、任意のコードを実行される、またはサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Nov. 26, 2010, midnight
Registration Date	Dec. 20, 2010, 2:14 p.m.
Last Update	April 4, 2011, 2:27 p.m.

CVSS2.0 : 警告
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected System

オラクル

Oracle Solaris 10

Oracle Solaris 11 Express

Oracle Solaris 8

Oracle Solaris 9

アップル

Apple Mac OS X v10.5.8

Apple Mac OS X v10.6 から v10.6.6

Apple Mac OS X Server v10.5.8

Apple Mac OS X Server v10.6 から v10.6.6

iOS 2.0 から 4.1 (iPhone 3G 以降の場合)

iOS 2.1 から 4.1 (iPod touch (2nd generation) 以降の場合)

iOS 3.2 から 3.2.2 (iPad 用)

iPad

iPhone

iPod touch

FreeType Project

FreeType 2.4.4 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-3814	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3814
National Vulnerability Database (NVD)
2	CVE-2010-3814	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3814

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT4456	http://support.apple.com/kb/HT4456
2	HT4581	http://support.apple.com/kb/HT4581
Apple セキュリティアップデート
3	HT4581	http://support.apple.com/kb/HT4581?viewlocale=ja_JP
File Release Notes and Changelog
4	FreeType 2.4.4 has been released	http://freetype.sourceforge.net/index2.html#release-freetype-2.4.4
SECURITY BLOG
5	cve_2010_3814_buffer_overflow	http://blogs.sun.com/security/entry/cve_2010_3814_buffer_overflow

その他

No	Name	URL
JVN
1	JVNVU#636925	http://jvn.jp/cert/JVNVU636925
Secunia Advisory
2	SA42314	http://secunia.com/advisories/42314
SecurityFocus
3	44643	http://www.securityfocus.com/bid/44643
SecurityTracker
4	1024767	http://www.securitytracker.com/id?1024767
VUPEN Security
5	VUPEN/ADV-2010-3046	http://www.vupen.com/english/advisories/2010/3046

Change Log

No	Changed Details	Date of change
0	[2010年12月20日] 掲載 [2011年04月04日] 影響を受けるシステム：アップル (HT4581) の情報を追加影響を受けるシステム：オラクル (cve_2010_3814_buffer_overflow) の情報を追加ベンダ情報：アップル (HT4581) を追加ベンダ情報：オラクル (cve_2010_3814_buffer_overflow) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-3814

Summary	Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.
Publication Date	Nov. 27, 2010, 5 a.m.
Registration Date	Jan. 27, 2021, 12:09 p.m.
Last Update	Nov. 21, 2024, 10:19 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:freetype:freetype:2.4.0:::::::*
cpe:2.3:a:freetype:freetype:2.4.2:::::::*
cpe:2.3:a:freetype:freetype:2.3.6:::::::*
cpe:2.3:a:freetype:freetype:2.1.9:::::::*
cpe:2.3:a:freetype:freetype:2.1.10:::::::*
cpe:2.3:a:freetype:freetype:2.3.4:::::::*
cpe:2.3:a:freetype:freetype:2.3.5:::::::*
cpe:2.3:a:freetype:freetype:2.1:::::::*
cpe:2.3:a:freetype:freetype:2.1.5:::::::*
cpe:2.3:a:freetype:freetype:2.3.10:::::::*
cpe:2.3:a:freetype:freetype:1.3.1:::::::*
cpe:2.3:a:freetype:freetype:2.1.8:::::::*
cpe:2.3:a:freetype:freetype:2.2.10:::::::*
cpe:2.3:a:freetype:freetype:2.2.1:::::::*
cpe:2.3:a:freetype:freetype:2.1.3:::::::*
cpe:2.3:a:freetype:freetype:2.3.3:::::::*
cpe:2.3:a:freetype:freetype:2.1.6:::::::*
cpe:2.3:a:freetype:freetype:2.3.0:::::::*
cpe:2.3:a:freetype:freetype:2.3.1:::::::*
cpe:2.3:a:freetype:freetype::::::::		2.4.3
cpe:2.3:a:freetype:freetype:2.4.1:::::::*
cpe:2.3:a:freetype:freetype:2.0.9:::::::*
cpe:2.3:a:freetype:freetype:2.1.8:rc1::::::
cpe:2.3:a:freetype:freetype:2.3.7:::::::*
cpe:2.3:a:freetype:freetype:2.0.6:::::::*
cpe:2.3:a:freetype:freetype:2.3.8:::::::*
cpe:2.3:a:freetype:freetype:2.3.11:::::::*
cpe:2.3:a:freetype:freetype:2.3.2:::::::*
cpe:2.3:a:freetype:freetype:2.3.12:::::::*
cpe:2.3:a:freetype:freetype:2.3.9:::::::*
cpe:2.3:a:freetype:freetype:2.1.7:::::::*
cpe:2.3:a:freetype:freetype:2.1.4:::::::*
cpe:2.3:a:freetype:freetype:2.2.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221
2	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221
3	http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0edf0986f3be570f5bf90ff245a85c1675f5c9a4
4	http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0edf0986f3be570f5bf90ff245a85c1675f5c9a4
5	http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html	Vendor Advisory
6	http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html	Vendor Advisory
7	http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
8	http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
9	http://secunia.com/advisories/42314
10	http://secunia.com/advisories/42314
11	http://secunia.com/advisories/43138
12	http://secunia.com/advisories/43138
13	http://secunia.com/advisories/48951
14	http://secunia.com/advisories/48951
15	http://security-tracker.debian.org/tracker/CVE-2010-3814
16	http://security-tracker.debian.org/tracker/CVE-2010-3814
17	http://support.apple.com/kb/HT4456	Vendor Advisory
18	http://support.apple.com/kb/HT4456	Vendor Advisory
19	http://support.apple.com/kb/HT4581
20	http://support.apple.com/kb/HT4581
21	http://www.debian.org/security/2011/dsa-2155
22	http://www.debian.org/security/2011/dsa-2155
23	http://www.mandriva.com/security/advisories?name=MDVSA-2010:236
24	http://www.mandriva.com/security/advisories?name=MDVSA-2010:236
25	http://www.securityfocus.com/bid/44643
26	http://www.securityfocus.com/bid/44643
27	http://www.securitytracker.com/id?1024767
28	http://www.securitytracker.com/id?1024767
29	http://www.ubuntu.com/usn/USN-1013-1
30	http://www.ubuntu.com/usn/USN-1013-1
31	http://www.vupen.com/english/advisories/2010/3046
32	http://www.vupen.com/english/advisories/2010/3046
33	http://www.vupen.com/english/advisories/2011/0246
34	http://www.vupen.com/english/advisories/2011/0246

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:freetype:freetype:2.4.0:::::::*
cpe:2.3:a:freetype:freetype:2.4.2:::::::*
cpe:2.3:a:freetype:freetype:2.3.6:::::::*
cpe:2.3:a:freetype:freetype:2.1.9:::::::*
cpe:2.3:a:freetype:freetype:2.1.10:::::::*
cpe:2.3:a:freetype:freetype:2.3.4:::::::*
cpe:2.3:a:freetype:freetype:2.3.5:::::::*
cpe:2.3:a:freetype:freetype:2.1:::::::*
cpe:2.3:a:freetype:freetype:2.1.5:::::::*
cpe:2.3:a:freetype:freetype:2.3.10:::::::*
cpe:2.3:a:freetype:freetype:1.3.1:::::::*
cpe:2.3:a:freetype:freetype:2.1.8:::::::*
cpe:2.3:a:freetype:freetype:2.2.10:::::::*
cpe:2.3:a:freetype:freetype:2.2.1:::::::*
cpe:2.3:a:freetype:freetype:2.1.3:::::::*
cpe:2.3:a:freetype:freetype:2.3.3:::::::*
cpe:2.3:a:freetype:freetype:2.1.6:::::::*
cpe:2.3:a:freetype:freetype:2.3.0:::::::*
cpe:2.3:a:freetype:freetype:2.3.1:::::::*
cpe:2.3:a:freetype:freetype::::::::		2.4.3
cpe:2.3:a:freetype:freetype:2.4.1:::::::*
cpe:2.3:a:freetype:freetype:2.0.9:::::::*
cpe:2.3:a:freetype:freetype:2.1.8:rc1::::::
cpe:2.3:a:freetype:freetype:2.3.7:::::::*
cpe:2.3:a:freetype:freetype:2.0.6:::::::*
cpe:2.3:a:freetype:freetype:2.3.8:::::::*
cpe:2.3:a:freetype:freetype:2.3.11:::::::*
cpe:2.3:a:freetype:freetype:2.3.2:::::::*
cpe:2.3:a:freetype:freetype:2.3.12:::::::*
cpe:2.3:a:freetype:freetype:2.3.9:::::::*
cpe:2.3:a:freetype:freetype:2.1.7:::::::*
cpe:2.3:a:freetype:freetype:2.1.4:::::::*
cpe:2.3:a:freetype:freetype:2.2.0:::::::*