CVE-2009-0946 Information

Feb 14, 2021 cve

Description

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c (2) sfnt/ttcmap.c and (3) cff/cffload.c.

Reference

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://secunia.com/advisories/34723 http://secunia.com/advisories/34913 http://secunia.com/advisories/34967 http://secunia.com/advisories/35065 http://secunia.com/advisories/35074 http://secunia.com/advisories/35198 http://secunia.com/advisories/35200 http://secunia.com/advisories/35204 http://secunia.com/advisories/35210 http://secunia.com/advisories/35379 http://security.gentoo.org/glsa/glsa-200905-05.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1 http://support.apple.com/kb/HT3549 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://support.apple.com/kb/HT4435 http://www.debian.org/security/2009/dsa-1784 http://www.mandriva.com/security/advisories?name=MDVSA-2009:243 http://www.redhat.com/support/errata/RHSA-2009-0329.html http://www.redhat.com/support/errata/RHSA-2009-1061.html http://www.redhat.com/support/errata/RHSA-2009-1062.html http://www.securityfocus.com/bid/34550 http://www.ubuntu.com/usn/USN-767-1 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1058 http://www.vupen.com/english/advisories/2009/1297 http://www.vupen.com/english/advisories/2009/1522 http://www.vupen.com/english/advisories/2009/1621 https://bugzilla.redhat.com/show_bug.cgi?id=491384 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10149

Share on: