CVE-2015-9383

medium

Description

FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.

References

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=57cbb8c148999ba8f14ed53435fc071ac9953afd

https://lists.debian.org/debian-lts-announce/2019/09/msg00002.html

https://savannah.nongnu.org/bugs/?46346

https://usn.ubuntu.com/4126-1/

https://usn.ubuntu.com/4126-2/

Details

Source: MITRE

Published: 2019-09-03

Updated: 2019-09-10

Type: CWE-125

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 135653 | EulerOS Virtualization 3.0.2.2 : freetype (EulerOS-SA-2020-1491) | Nessus | Huawei Local Security Checks | critical |
| 134513 | EulerOS Virtualization for ARM 64 3.0.2.0 : freetype (EulerOS-SA-2020-1224) | Nessus | Huawei Local Security Checks | critical |
| 132298 | EulerOS 2.0 SP3 : freetype (EulerOS-SA-2019-2581) | Nessus | Huawei Local Security Checks | high |
| 131667 | EulerOS 2.0 SP2 : freetype (EulerOS-SA-2019-2514) | Nessus | Huawei Local Security Checks | high |
| 130857 | EulerOS 2.0 SP5 : freetype (EulerOS-SA-2019-2148) | Nessus | Huawei Local Security Checks | critical |
| 128630 | Ubuntu 16.04 LTS : freetype vulnerability (USN-4126-1) | Nessus | Ubuntu Local Security Checks | medium |
| 128509 | Debian DLA-1909-1 : freetype security update | Nessus | Debian Local Security Checks | high |