CVE-2010-1028

Description

Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.

How to fix CVE-2010-1028

To remediate CVE-2010-1028, upgrade the affected package to a fixed version below.

• Debian/calibre—upgrade to 2.38.0+dfsg-1 or later

Is CVE-2010-1028 being exploited?

Moderate — EPSS is 9.9%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 2.38.0+dfsg-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-1028