CVE-2010-1797: Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpr
Summary
A vulnerability existed in FreeType (a font-rendering library) where specially crafted CFF fonts (a type of compressed font format) embedded in PDF documents could cause stack-based buffer overflows (when data written to memory exceeds allocated space and corrupts adjacent data), potentially allowing attackers to run arbitrary code or crash systems. This affected Apple iOS devices before version 4.0.2 on iPhones and iPod touches, and before 3.2.2 on iPads.
Solution / Mitigation
Update FreeType to version 2.4.2 or later. Update Apple iOS to version 4.0.2 or later on iPhone and iPod touch, or version 3.2.2 or later on iPad.
Vulnerability Details
9.3
EPSS: 48.4%
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2010-1797
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 95%