{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-10-04T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an \"input stream position error\" issue, a different vulnerability than CVE-2010-1797."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-01-12T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "43700", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/43700"}, {"name": "DSA-2116", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2116"}, {"name": "RHSA-2010:0737", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0737.html"}, {"name": "MDVSA-2010:201", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:201"}, {"name": "USN-1013-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1013-1"}, {"name": "RHSA-2010:0864", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0864.html"}, {"name": "48951", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48951"}, {"name": "SUSE-SR:2010:019", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=623625"}, {"name": "RHSA-2010:0736", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2010-0736.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-3311", "datePublished": "2011-01-07T22:00:00", "dateReserved": "2010-09-13T00:00:00", "dateUpdated": "2011-01-12T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*", "matchCriteriaId": "05932F1E-2960-4CEB-9DB6-A05977E11AAC", "versionEndIncluding": "2.3.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "888C3BB8-510B-4FBE-BA5D-0D488583C7DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B126D1A0-6B54-4C56-8CEC-B395D54A5C3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "28CA4C7D-D70A-44CF-8E3D-F2612CCA0799", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4E76672-7216-443E-BBD8-120DA96F7E4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "369D87D8-E4A7-4EC4-B508-2940EE174F95", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "288FDB59-7FE4-4351-8822-554ADF07C79A", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "B681257A-F8D8-46D5-995D-BC44F54DD5C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "56E0DEB6-4414-49AB-88E9-988CE5D8EF67", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "56A90D08-2CAF-422F-8587-7D88EC7632A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "9B944FEB-F69D-4F6C-9485-26F95A5874B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.1.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9B9B1DE-89F6-463D-A3F4-6366D5D30077", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "F73474B9-6853-4C5C-9CB9-5F4D3080D1C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "5283E910-D512-481C-804E-8717A83B24CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A28C0F7A-F1F3-4F3B-81B9-228DA8FCCCD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F7252819-BA8A-4BD1-BAAA-179A8777C994", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "7B4450B4-B21F-4153-B9DD-C36A2381F00D", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "11575E3C-2BEA-4264-AE41-4A962BD17035", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D333A965-EAD2-40DB-8FBE-C4C7DF44C35C", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CA37666-D2E6-47EF-BFFE-A9449D6A72CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2B49505-C973-4673-A9BC-34ACA25059D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B8E8ECCA-58F2-4A05-8DF2-79C09A5FB275", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "8697D11D-BBDF-4722-85F7-5144A5D26E37", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "50E3EDA8-04D1-4DF1-80BB-72C6003E8F53", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "AB06CA25-BB25-43B8-9FC2-62C399CC52EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "6AF7414E-33A7-40E2-AEF0-1AE9D7D1B077", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "6FC0BD12-E065-4CC9-8AEE-E4C34A58EC3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "214DC64B-BA35-486B-AE30-F2D9381E4D26", "vulnerable": true}, {"criteria": "cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "B7CDE19A-473A-4BC5-AA7B-3D08FEEEE82C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an \"input stream position error\" issue, a different vulnerability than CVE-2010-1797."}, {"lang": "es", "value": "Desbordamiento de enteros en base/ftstream.c en libXft (tambi\u00e9n conocida como la librer\u00eda FreeType X) en FreeType anterior a v2.4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario mediante un archivo de Formato de Fuente Compacto (CFF) manipulado que provoca un desbordamiento de b\u00fafer basado en memoria din\u00e1mica, relacionado con un \"error de posici\u00f3n en el flujo de entrada\", una vulnerabilidad diferente de CVE-2010-1797."}], "id": "CVE-2010-3311", "lastModified": "2023-02-13T04:23:23.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-01-07T23:00:18.827", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48951"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2116"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:201"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2010-0864.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/43700"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1013-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=623625"}, {"source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2010-0736.html"}, {"source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2010-0737.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}