What is CVE-2010-1797?

CVE-2010-1797 is a vulnerability in Apple Iphone_os, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2010-08-16.

Is CVE-2010-1797 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Apple Iphone_os

CVE-2010-1797

Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and bef…

Vulnerability class: Buffer Overflow

EPSS: 0.597 (98.3th percentile) — read the EPSS interpretation.

Affected products

Apple Iphone_os — versions 1.1.5, 1.0.1, 4.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

product-security@apple.com (x_refsource_CONFIRM)
product-security@apple.com (x_refsource_CONFIRM)
product-security@apple.com (x_refsource_CONFIRM)
14538 (Exploit, exploit, x_refsource_EXPLOIT-DB)
product-security@apple.com (x_refsource_CONFIRM)
ADV-2010-2018 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
66828 (x_refsource_OSVDB, vdb-entry)
product-security@apple.com (x_refsource_MISC)
USN-972-1 (x_refsource_UBUNTU, vendor-advisory)
APPLE-SA-2010-08-11-2 (vendor-advisory, x_refsource_APPLE, Vendor Advisory)

Frequently asked questions

What is CVE-2010-1797?: CVE-2010-1797 is a vulnerability in Apple Iphone_os, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2010-08-16.
Is CVE-2010-1797 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.