CVE-2010-3444
EPSS 3.1%
Description
Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU FriBidi 0.19.1, 0.19.2, and possibly other versions, as used in PyFriBidi 0.10.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Arabic UTF-8 string that causes original 2-byte UTF-8 sequences to be transformed into 3-byte sequences.
How to fix CVE-2010-3444
To remediate CVE-2010-3444, upgrade the affected package to a fixed version below.
- Debian/pyfribidi—upgrade to 0.10.0-2 or later
Is CVE-2010-3444 being exploited?
Low — EPSS is 3.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.10.0-2