Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2009-0946
Last Modified: 18 Nov 2010 01:26:50
Published: 16 Apr 2009 08:30:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-0946

Summary

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

Vulnerable Systems

Application

  • Freetype 1.3.1

  • Freetype 2.0.6

  • Freetype 2.0.9

  • Freetype 2.1

  • Freetype 2.1.10

  • Freetype 2.1.3

  • Freetype 2.1.4

  • Freetype 2.1.5

  • Freetype 2.1.6

  • Freetype 2.1.7

  • Freetype 2.1.8

  • Freetype 2.1.8 Rc1

  • Freetype 2.1.9

  • Freetype 2.2

  • Freetype 2.2.1

  • Freetype 2.2.10

  • Freetype 2.3.3

  • Freetype 2.3.4

  • Freetype 2.3.5

  • Freetype 2.3.9


References

CERT - TA09-133A

CONFIRM - http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=491384

VUPEN - ADV-2009-1621

VUPEN - ADV-2009-1522

VUPEN - ADV-2009-1297

VUPEN - ADV-2009-1058

UBUNTU - USN-767-1

BID - 34550

REDHAT - RHSA-2009:1062

REDHAT - RHSA-2009:1061

REDHAT - RHSA-2009:0329

MANDRIVA - MDVSA-2009:243

DEBIAN - DSA-1784

CONFIRM - http://support.apple.com/kb/HT4435

CONFIRM - http://support.apple.com/kb/HT3639

CONFIRM - http://support.apple.com/kb/HT3613

CONFIRM - http://support.apple.com/kb/HT3549

SUNALERT - 270268

GENTOO - GLSA-200905-05

SECUNIA - 35379

SECUNIA - 35210

SECUNIA - 35204

SECUNIA - 35200

SECUNIA - 35198

SECUNIA - 35074

SECUNIA - 35065

SECUNIA - 34967

SECUNIA - 34913

SECUNIA - 34723

SUSE - SUSE-SR:2009:010

APPLE - APPLE-SA-2010-11-10-1

APPLE - APPLE-SA-2009-05-12

APPLE - APPLE-SA-2009-06-17-1

APPLE - APPLE-SA-2009-06-08-1

CONFIRM - http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e

CONFIRM - http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b

CONFIRM - http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5

Related Patches

Apple 2009-05-12 Security Update 2009-002 Server (Tiger PPC)

Apple 2009-05-12 Security Update 2009-002 (Tiger PPC)

Apple 2009-05-12 Mac OS X 10.5.7 Combo Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Update

Apple 2009-05-12 Mac OS X 10.5.7 Update

Apple 2009-05-12 Security Update 2009-002 (Tiger Intel)

Apple 2009-05-12 Mac OS X Server 10.5.7 Combo Update

Apple 2010-11-10 Mac OS X 10.6.5 Combo Update (See Notes)

Apple 2010-11-10 Security Update 2010-007 (Leopard) (See Notes)

Apple 2010-11-10 Security Update 2010-007 Server (Leopard) (See Notes)

Apple 2010-11-10 Mac OS X 10.6.5 Update (See Notes)

Novell SUSE 2009:6181 freetype2 security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 10:50:26