CVE-2009-0946

HIGH

Description

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

References

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

http://secunia.com/advisories/34723

http://secunia.com/advisories/34913

http://secunia.com/advisories/34967

http://secunia.com/advisories/35065

http://secunia.com/advisories/35074

http://secunia.com/advisories/35198

http://secunia.com/advisories/35200

http://secunia.com/advisories/35204

http://secunia.com/advisories/35210

http://secunia.com/advisories/35379

http://security.gentoo.org/glsa/glsa-200905-05.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1

http://support.apple.com/kb/HT3549

http://support.apple.com/kb/HT3613

http://support.apple.com/kb/HT3639

http://support.apple.com/kb/HT4435

http://www.debian.org/security/2009/dsa-1784

http://www.mandriva.com/security/advisories?name=MDVSA-2009:243

http://www.redhat.com/support/errata/RHSA-2009-0329.html

http://www.redhat.com/support/errata/RHSA-2009-1061.html

http://www.redhat.com/support/errata/RHSA-2009-1062.html

http://www.securityfocus.com/bid/34550

http://www.ubuntu.com/usn/USN-767-1

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2009/1058

http://www.vupen.com/english/advisories/2009/1297

http://www.vupen.com/english/advisories/2009/1522

http://www.vupen.com/english/advisories/2009/1621

https://bugzilla.redhat.com/show_bug.cgi?id=491384

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149

Details

Source: MITRE

Published: 2009-04-17

Updated: 2021-04-05

Type: CWE-190

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 79961 | GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010 | Nessus | Gentoo Local Security Checks | critical |
| 79459 | OracleVM 2.1 : freetype (OVMSA-2009-0012) | Nessus | OracleVM Local Security Checks | critical |
| 67864 | Oracle Linux 5 : freetype (ELSA-2009-1061) | Nessus | Oracle Linux Local Security Checks | critical |
| 67813 | Oracle Linux 3 / 4 : freetype (ELSA-2009-0329) | Nessus | Oracle Linux Local Security Checks | critical |
| 60588 | Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 800791 | Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |
| 5705 | Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 50549 | Mac OS X Multiple Vulnerabilities (Security Update 2010-007) | Nessus | MacOS X Local Security Checks | high |
| 50548 | Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 43752 | CentOS 5 : freetype (CESA-2009:1061) | Nessus | CentOS Local Security Checks | critical |
| 41510 | SuSE 10 Security Update : freetype2 (ZYPP Patch Number 6181) | Nessus | SuSE Local Security Checks | critical |
| 41393 | SuSE 11 Security Update : freetype2 (SAT Patch Number 792) | Nessus | SuSE Local Security Checks | critical |
| 41294 | SuSE9 Security Update : freetype2 (YOU Patch Number 12398) | Nessus | SuSE Local Security Checks | critical |
| 41051 | Mandriva Linux Security Advisory : freetype2 (MDVSA-2009:243-2) | Nessus | Mandriva Local Security Checks | critical |
| 40217 | openSUSE Security Update : freetype2 (freetype2-794) | Nessus | SuSE Local Security Checks | critical |
| 39965 | openSUSE Security Update : freetype2 (freetype2-794) | Nessus | SuSE Local Security Checks | critical |
| 39339 | Safari < 4.0 Multiple Vulnerabilities | Nessus | Windows | high |
| 38886 | GLSA-200905-05 : FreeType: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 38874 | RHEL 2.1 : freetype (RHSA-2009:1062) | Nessus | Red Hat Local Security Checks | critical |
| 38873 | RHEL 5 : freetype (RHSA-2009:1061) | Nessus | Red Hat Local Security Checks | critical |
| 38870 | RHEL 3 / 4 : freetype (RHSA-2009:0329) | Nessus | Red Hat Local Security Checks | critical |
| 38867 | CentOS 3 / 4 : freetype (CESA-2009:0329) | Nessus | CentOS Local Security Checks | critical |
| 38744 | Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 38743 | Mac OS X Multiple Vulnerabilities (Security Update 2009-002) | Nessus | MacOS X Local Security Checks | critical |
| 38684 | openSUSE 10 Security Update : freetype2 (freetype2-6185) | Nessus | SuSE Local Security Checks | critical |
| 38656 | Debian DSA-1784-1 : freetype - integer overflows | Nessus | Debian Local Security Checks | critical |
| 38196 | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : freetype vulnerability (USN-767-1) | Nessus | Ubuntu Local Security Checks | critical |
| 36191 | FreeBSD : freetype2 -- multiple vulnerabilities (20b4f284-2bfc-11de-bdeb-0030843d3802) | Nessus | FreeBSD Local Security Checks | critical |
| 5023 | Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 800792 | Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |