CVE-2009-0946 - Vulnerability Details

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os Mac Os X Mac Os X Server Safari
Canonical	Ubuntu Linux
Debian	Debian Linux
Freetype	Freetype
Opensuse	Opensuse
Redhat	Enterprise Linux
Suse	Linux Enterprise Server

Configuration 1 [-]

cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:4.0:::::::*
	cpe:2.3:o:debian:debian_linux:5.0:::::::*
	cpe:2.3:o:debian:debian_linux:6.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:opensuse:opensuse:10.3:::::::*
	cpe:2.3:o:opensuse:opensuse:11.0:::::::*
	cpe:2.3:o:opensuse:opensuse:11.1:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:10:-::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:-::::::

Configuration 5 [-]

OR	cpe:2.3:a:apple:safari:4.0:::::::*
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x:10.4.11:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.8:::::::*
	cpe:2.3:o:apple:mac_os_x_server::::::::
	cpe:2.3:o:apple:mac_os_x_server:10.4.11:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.8:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
freetype-0:2.0.3-17.el21	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2009:1062	2009-05-22T00:00:00Z
Red Hat Enterprise Linux 3
freetype-0:2.1.4-12.el3	cpe:/o:redhat:enterprise_linux:3	RHSA-2009:0329	2009-05-22T00:00:00Z
Red Hat Enterprise Linux 4
freetype-0:2.1.9-10.el4.7	cpe:/o:redhat:enterprise_linux:4	RHSA-2009:0329	2009-05-22T00:00:00Z
Red Hat Enterprise Linux 5
freetype-0:2.2.1-21.el5_3	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:1061	2009-05-22T00:00:00Z

References

Link	Providers
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://secunia.com/advisories/34723
http://secunia.com/advisories/34913
http://secunia.com/advisories/34967
http://secunia.com/advisories/35065
http://secunia.com/advisories/35074
http://secunia.com/advisories/35198
http://secunia.com/advisories/35200
http://secunia.com/advisories/35204
http://secunia.com/advisories/35210
http://secunia.com/advisories/35379
http://security.gentoo.org/glsa/glsa-200905-05.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1
http://support.apple.com/kb/HT3549
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
http://support.apple.com/kb/HT4435
http://www.debian.org/security/2009/dsa-1784
http://www.mandriva.com/security/advisories?name=MDVSA-2009:243
http://www.redhat.com/support/errata/RHSA-2009-0329.html
http://www.redhat.com/support/errata/RHSA-2009-1061.html
http://www.redhat.com/support/errata/RHSA-2009-1062.html
http://www.securityfocus.com/bid/34550
http://www.ubuntu.com/usn/USN-767-1
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2009/1058
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
https://bugzilla.redhat.com/show_bug.cgi?id=491384
https://nvd.nist.gov/vuln/detail/CVE-2009-0946
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149
https://www.cve.org/CVERecord?id=CVE-2009-0946

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-04-17T00:00:00

Updated: 2024-08-07T04:57:17.538Z

Reserved: 2009-03-18T00:00:00

Link: CVE-2009-0946

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-04-17T00:30:00.250

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-0946

Redhat

Severity : Important

Publid Date: 2009-03-20T00:00:00Z

Links: CVE-2009-0946 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-04-16T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "34967", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34967"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3639"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4435"}, {"name": "34913", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34913"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e"}, {"name": "ADV-2009-1621", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1621"}, {"name": "34550", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/34550"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3549"}, {"name": "MDVSA-2009:243", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:243"}, {"name": "APPLE-SA-2009-06-08-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"}, {"name": "USN-767-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-767-1"}, {"name": "270268", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1"}, {"name": "35198", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35198"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b"}, {"name": "35074", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35074"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5"}, {"name": "ADV-2009-1522", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1522"}, {"name": "APPLE-SA-2010-11-10-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "RHSA-2009:1062", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1062.html"}, {"name": "APPLE-SA-2009-06-17-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"}, {"name": "APPLE-SA-2009-05-12", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"}, {"name": "35065", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35065"}, {"name": "DSA-1784", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1784"}, {"name": "35210", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35210"}, {"name": "GLSA-200905-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200905-05.xml"}, {"name": "35379", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35379"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491384"}, {"name": "oval:org.mitre.oval:def:10149", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog"}, {"name": "SUSE-SR:2009:010", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"}, {"name": "TA09-133A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"name": "ADV-2009-1297", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"name": "35200", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35200"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3613"}, {"name": "RHSA-2009:0329", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2009-0329.html"}, {"name": "ADV-2009-1058", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1058"}, {"name": "35204", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35204"}, {"name": "34723", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34723"}, {"name": "RHSA-2009:1061", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1061.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0946", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "34967", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34967"}, {"name": "http://support.apple.com/kb/HT3639", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3639"}, {"name": "http://support.apple.com/kb/HT4435", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4435"}, {"name": "34913", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34913"}, {"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e"}, {"name": "ADV-2009-1621", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1621"}, {"name": "34550", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34550"}, {"name": "http://support.apple.com/kb/HT3549", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3549"}, {"name": "MDVSA-2009:243", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:243"}, {"name": "APPLE-SA-2009-06-08-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"}, {"name": "USN-767-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-767-1"}, {"name": "270268", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1"}, {"name": "35198", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35198"}, {"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b"}, {"name": "35074", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35074"}, {"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5"}, {"name": "ADV-2009-1522", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1522"}, {"name": "APPLE-SA-2010-11-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "RHSA-2009:1062", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-1062.html"}, {"name": "APPLE-SA-2009-06-17-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"}, {"name": "APPLE-SA-2009-05-12", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"}, {"name": "35065", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35065"}, {"name": "DSA-1784", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1784"}, {"name": "35210", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35210"}, {"name": "GLSA-200905-05", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200905-05.xml"}, {"name": "35379", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35379"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=491384", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491384"}, {"name": "oval:org.mitre.oval:def:10149", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149"}, {"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog"}, {"name": "SUSE-SR:2009:010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"}, {"name": "TA09-133A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"name": "ADV-2009-1297", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"name": "35200", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35200"}, {"name": "http://support.apple.com/kb/HT3613", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3613"}, {"name": "RHSA-2009:0329", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-0329.html"}, {"name": "ADV-2009-1058", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1058"}, {"name": "35204", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35204"}, {"name": "34723", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34723"}, {"name": "RHSA-2009:1061", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-1061.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:57:17.538Z"}, "title": "CVE Program Container", "references": [{"name": "34967", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34967"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3639"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT4435"}, {"name": "34913", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34913"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e"}, {"name": "ADV-2009-1621", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1621"}, {"name": "34550", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/34550"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3549"}, {"name": "MDVSA-2009:243", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:243"}, {"name": "APPLE-SA-2009-06-08-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"}, {"name": "USN-767-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-767-1"}, {"name": "270268", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1"}, {"name": "35198", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35198"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b"}, {"name": "35074", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35074"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5"}, {"name": "ADV-2009-1522", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1522"}, {"name": "APPLE-SA-2010-11-10-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "RHSA-2009:1062", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1062.html"}, {"name": "APPLE-SA-2009-06-17-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"}, {"name": "APPLE-SA-2009-05-12", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"}, {"name": "35065", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35065"}, {"name": "DSA-1784", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1784"}, {"name": "35210", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35210"}, {"name": "GLSA-200905-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200905-05.xml"}, {"name": "35379", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35379"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491384"}, {"name": "oval:org.mitre.oval:def:10149", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog"}, {"name": "SUSE-SR:2009:010", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"}, {"name": "TA09-133A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"name": "ADV-2009-1297", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"name": "35200", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35200"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3613"}, {"name": "RHSA-2009:0329", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2009-0329.html"}, {"name": "ADV-2009-1058", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1058"}, {"name": "35204", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35204"}, {"name": "34723", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34723"}, {"name": "RHSA-2009:1061", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1061.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0946", "datePublished": "2009-04-17T00:00:00", "dateReserved": "2009-03-18T00:00:00", "dateUpdated": "2024-08-07T04:57:17.538Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*", "matchCriteriaId": "7039ABA3-F36E-4337-8F61-470B2FA1C9EF", "versionEndIncluding": "2.3.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*", "matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*", "matchCriteriaId": "38C3AEB0-59E2-400A-8943-60C0A223B680", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "614C28E3-3645-4B20-95E5-42E7F123ADDB", "versionEndIncluding": "2.2.1", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6DA1D55-B689-47CF-A55F-3C16DA4EFFFF", "versionEndIncluding": "10.6.4", "versionStartIncluding": "10.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "6EE39585-CF3B-4493-96D8-B394544C7643", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "1335E35A-D381-4056-9E78-37BC6DF8AD98", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "924AFEE6-E331-4E10-B1B8-1FF1FF801120", "versionEndIncluding": "10.6.4", "versionStartIncluding": "10.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "D09D5933-A7D9-4A61-B863-CD8E7D5E67D8", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "82B4CD59-9F37-4EF0-BA43-427CFD6E1329", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de entero en FreeType v2.3.9 y anteriores permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores relacionados con valores grandes en ciertas entradas en (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, y (3) cff/cffload.c."}], "id": "CVE-2009-0946", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-04-17T00:30:00.250", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/34723"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/34913"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/34967"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35065"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35074"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35198"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35200"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35204"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35210"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35379"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200905-05.xml"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3549"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3613"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3639"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://support.apple.com/kb/HT4435"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2009/dsa-1784"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:243"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2009-0329.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1061.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1062.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/34550"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-767-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1058"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1522"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1621"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491384"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/34723"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/34913"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/34967"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35065"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35074"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35198"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35200"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35204"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35210"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35379"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200905-05.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3613"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3639"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://support.apple.com/kb/HT4435"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2009/dsa-1784"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:243"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2009-0329.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1061.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1062.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/34550"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-767-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1058"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1522"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1621"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491384"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:1062", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "freetype-0:2.0.3-17.el21", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2009-05-22T00:00:00Z"}, {"advisory": "RHSA-2009:0329", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "freetype-0:2.1.4-12.el3", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2009-05-22T00:00:00Z"}, {"advisory": "RHSA-2009:0329", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "freetype-0:2.1.9-10.el4.7", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2009-05-22T00:00:00Z"}, {"advisory": "RHSA-2009:1061", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "freetype-0:2.2.1-21.el5_3", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-05-22T00:00:00Z"}], "bugzilla": {"description": "freetype: multiple integer overflows", "id": "491384", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491384"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-190", "details": ["Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c."], "name": "CVE-2009-0946", "public_date": "2009-03-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-0946\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-0946"], "threat_severity": "Important"}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object