CVE-2010-4259

NameCVE-2010-4259
DescriptionStack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2253-1
Debian Bugs605537

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
fontforge (PTS)buster1:20170731~dfsg-1fixed
buster (security)1:20170731~dfsg-1+deb10u1fixed
bullseye1:20201107~dfsg-4fixed
bullseye (security)1:20201107~dfsg-4+deb11u1fixed
bookworm1:20230101~dfsg-1fixed
trixie, bookworm (security)1:20230101~dfsg-1.1~deb12u1fixed
sid1:20230101~dfsg-1.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
fontforgesourcelenny0.0.20080429-1+lenny2DSA-2253-1
fontforgesource(unstable)0.0.20100501-4605537
Search for package or bug name: Reporting problems