Common Vulnerabilities and Exposures assigned an identifier CVE-2010-3054 to the following vulnerability:

Name: CVE-2010-3054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3054
Assigned: 20100819
Reference: CONFIRM: https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019

Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.
Upstream patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=e7389a4405223c40e552122451c7612ae030c20d
This issue affects the versions of the freetype package as shipped with Red Hat Enterprise Linux 3, 4, and 5.

This issue did NOT affect the versions of the freetype package as shipped with Fedora releases 12 and 13. Those versions already contain the upstream fix for this flaw.
This issue has been addressed in the following products:

Red Hat Enterprise Linux 3

Via RHSA-2010:0736 https://rhn.redhat.com/errata/RHSA-2010-0736.html
This issue has been addressed in the following products:

Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5

Via RHSA-2010:0737 https://rhn.redhat.com/errata/RHSA-2010-0737.html