CVE-2009-0946

Severity

99%

Complexity

99%

Confidentiality

165%

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

FreeType

First reported 15 years ago

2009-04-17 00:30:00

Last updated 7 years ago

2017-09-29 01:34:00

Affected Software

FreeType 1.3.1

1.3.1

FreeType 2.0.6

2.0.6

FreeType 2.0.9

2.0.9

FreeType 2.1

2.1

FreeType 2.1.3

2.1.3

FreeType 2.1.4

2.1.4

FreeType 2.1.5

2.1.5

FreeType 2.1.6

2.1.6

FreeType 2.1.7

2.1.7

FreeType 2.1.8

2.1.8

FreeType 2.1.8 rc1

2.1.8_rc1

FreeType 2.1.9

2.1.9

FreeType 2.1.10

2.1.10

FreeType 2.2

2.2

FreeType 2.2.1

2.2.1

FreeType 2.3.3

2.3.3

FreeType 2.3.4

2.3.4

FreeType 2.3.5

2.3.5

References

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5

Exploit

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b

Exploit

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e

Exploit

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog

Patch

APPLE-SA-2009-06-08-1

APPLE-SA-2009-06-17-1

APPLE-SA-2009-05-12

APPLE-SA-2010-11-10-1

SUSE-SR:2009:010

34723

Vendor Advisory

34913

34967

35065

35074

35198

35200

35204

35210

35379

GLSA-200905-05

270268

http://support.apple.com/kb/HT3549

http://support.apple.com/kb/HT3613

http://support.apple.com/kb/HT3639

http://support.apple.com/kb/HT4435

DSA-1784

MDVSA-2009:243

RHSA-2009:0329

RHSA-2009:1061

RHSA-2009:1062

34550

USN-767-1

TA09-133A

US Government Resource

ADV-2009-1058

ADV-2009-1297

ADV-2009-1522

ADV-2009-1621

https://bugzilla.redhat.com/show_bug.cgi?id=491384

oval:org.mitre.oval:def:10149

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.