CVE-2009-0946

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

References

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

http://secunia.com/advisories/34723

http://secunia.com/advisories/34913

http://secunia.com/advisories/34967

http://secunia.com/advisories/35065

http://secunia.com/advisories/35074

http://secunia.com/advisories/35198

http://secunia.com/advisories/35200

http://secunia.com/advisories/35204

http://secunia.com/advisories/35210

http://secunia.com/advisories/35379

http://security.gentoo.org/glsa/glsa-200905-05.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1

http://support.apple.com/kb/HT3549

http://support.apple.com/kb/HT3613

http://support.apple.com/kb/HT3639

http://support.apple.com/kb/HT4435

http://www.debian.org/security/2009/dsa-1784

http://www.mandriva.com/security/advisories?name=MDVSA-2009:243

http://www.redhat.com/support/errata/RHSA-2009-0329.html

http://www.redhat.com/support/errata/RHSA-2009-1061.html

http://www.redhat.com/support/errata/RHSA-2009-1062.html

http://www.securityfocus.com/bid/34550

http://www.ubuntu.com/usn/USN-767-1

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2009/1058

http://www.vupen.com/english/advisories/2009/1297

http://www.vupen.com/english/advisories/2009/1522

http://www.vupen.com/english/advisories/2009/1621

https://bugzilla.redhat.com/show_bug.cgi?id=491384

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149

Details

Source: MITRE

Published: 2009-04-17

Updated: 2021-04-05

Type: CWE-190

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (30 total)

IDNameProductFamilySeverity
79961GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010NessusGentoo Local Security Checks
critical
79459OracleVM 2.1 : freetype (OVMSA-2009-0012)NessusOracleVM Local Security Checks
critical
67864Oracle Linux 5 : freetype (ELSA-2009-1061)NessusOracle Linux Local Security Checks
critical
67813Oracle Linux 3 / 4 : freetype (ELSA-2009-0329)NessusOracle Linux Local Security Checks
critical
60588Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
800791Mac OS X 10.6 < 10.6.5 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high
5705Mac OS X 10.6 < 10.6.5 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
50549Mac OS X Multiple Vulnerabilities (Security Update 2010-007)NessusMacOS X Local Security Checks
high
50548Mac OS X 10.6.x < 10.6.5 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
43752CentOS 5 : freetype (CESA-2009:1061)NessusCentOS Local Security Checks
critical
41510SuSE 10 Security Update : freetype2 (ZYPP Patch Number 6181)NessusSuSE Local Security Checks
critical
41393SuSE 11 Security Update : freetype2 (SAT Patch Number 792)NessusSuSE Local Security Checks
critical
41294SuSE9 Security Update : freetype2 (YOU Patch Number 12398)NessusSuSE Local Security Checks
critical
41051Mandriva Linux Security Advisory : freetype2 (MDVSA-2009:243-2)NessusMandriva Local Security Checks
critical
40217openSUSE Security Update : freetype2 (freetype2-794)NessusSuSE Local Security Checks
critical
39965openSUSE Security Update : freetype2 (freetype2-794)NessusSuSE Local Security Checks
critical
39339Safari < 4.0 Multiple VulnerabilitiesNessusWindows
high
38886GLSA-200905-05 : FreeType: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
38874RHEL 2.1 : freetype (RHSA-2009:1062)NessusRed Hat Local Security Checks
critical
38873RHEL 5 : freetype (RHSA-2009:1061)NessusRed Hat Local Security Checks
critical
38870RHEL 3 / 4 : freetype (RHSA-2009:0329)NessusRed Hat Local Security Checks
critical
38867CentOS 3 / 4 : freetype (CESA-2009:0329)NessusCentOS Local Security Checks
critical
38744Mac OS X 10.5.x < 10.5.7 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
38743Mac OS X Multiple Vulnerabilities (Security Update 2009-002)NessusMacOS X Local Security Checks
critical
38684openSUSE 10 Security Update : freetype2 (freetype2-6185)NessusSuSE Local Security Checks
critical
38656Debian DSA-1784-1 : freetype - integer overflowsNessusDebian Local Security Checks
critical
38196Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : freetype vulnerability (USN-767-1)NessusUbuntu Local Security Checks
critical
36191FreeBSD : freetype2 -- multiple vulnerabilities (20b4f284-2bfc-11de-bdeb-0030843d3802)NessusFreeBSD Local Security Checks
critical
5023Mac OS X 10.5 < 10.5.7 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
800792Mac OS X 10.5 < 10.5.7 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high