ID CVE-2009-0946
Summary Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
References
Vulnerable Configurations
  • cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.0:beta3:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.0:beta4:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.1:-:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.1:-:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.2:-:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.2:-:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.3:-:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.3:-:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.3:rc2:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.3:rc3:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.3:rc3:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.4:-:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.4:-:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.4:rc2:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.4:rc2:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.5:-:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.5:-:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.5:rc1:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.5:rc2:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.5:rc2:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.8:-:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.8:-:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.8:rc1:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.8:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.8_rc1:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.8_rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.2.0:-:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.2.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.2.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.2.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.2.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.2.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.2.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.0:-:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
  • cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.0.0:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.0.0:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.0.1:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.0.1:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.0.2:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.0.2:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.0:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.0:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.0:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.0:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.1:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.1:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.1:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.1:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.2:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.2:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.2:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.2:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.3:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.3:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.3:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.3:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.4:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.4:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.4:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.4:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.5:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.5:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:1.1.5:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:1.1.5:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.0.0:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.0.0:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.0.0:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.0.0:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.0.1:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.0.1:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.0.1:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.0.1:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.0.2:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.0.2:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.0.2:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.0.2:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.1:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.1:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.1:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.1:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.2:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.2:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.2:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.2:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.2.1:-:iphone:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.2.1:-:iphone:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:2.2.1:-:ipodtouch:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:2.2.1:-:ipodtouch:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 05-04-2021 - 19:25)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:02:15.959-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
family unix
id oval:org.mitre.oval:def:10149
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
version 30
redhat via4
advisories
  • bugzilla
    id 491384
    title CVE-2009-0946 freetype: multiple integer overflows
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • comment freetype is earlier than 0:2.1.9-10.el4.7
            oval oval:com.redhat.rhsa:tst:20090329001
          • comment freetype is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060500002
        • AND
          • comment freetype-demos is earlier than 0:2.1.9-10.el4.7
            oval oval:com.redhat.rhsa:tst:20090329003
          • comment freetype-demos is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060500004
        • AND
          • comment freetype-devel is earlier than 0:2.1.9-10.el4.7
            oval oval:com.redhat.rhsa:tst:20090329005
          • comment freetype-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060500006
        • AND
          • comment freetype-utils is earlier than 0:2.1.9-10.el4.7
            oval oval:com.redhat.rhsa:tst:20090329007
          • comment freetype-utils is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060500008
    rhsa
    id RHSA-2009:0329
    released 2009-05-22
    severity Important
    title RHSA-2009:0329: freetype security update (Important)
  • bugzilla
    id 491384
    title CVE-2009-0946 freetype: multiple integer overflows
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment freetype is earlier than 0:2.2.1-21.el5_3
            oval oval:com.redhat.rhsa:tst:20091061001
          • comment freetype is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070150011
        • AND
          • comment freetype-demos is earlier than 0:2.2.1-21.el5_3
            oval oval:com.redhat.rhsa:tst:20091061003
          • comment freetype-demos is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070150013
        • AND
          • comment freetype-devel is earlier than 0:2.2.1-21.el5_3
            oval oval:com.redhat.rhsa:tst:20091061005
          • comment freetype-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070150015
    rhsa
    id RHSA-2009:1061
    released 2009-05-22
    severity Important
    title RHSA-2009:1061: freetype security update (Important)
  • rhsa
    id RHSA-2009:1062
rpms
  • freetype-0:2.1.4-12.el3
  • freetype-0:2.1.9-10.el4.7
  • freetype-debuginfo-0:2.1.4-12.el3
  • freetype-debuginfo-0:2.1.9-10.el4.7
  • freetype-demos-0:2.1.9-10.el4.7
  • freetype-devel-0:2.1.4-12.el3
  • freetype-devel-0:2.1.9-10.el4.7
  • freetype-utils-0:2.1.9-10.el4.7
  • freetype-0:2.2.1-21.el5_3
  • freetype-debuginfo-0:2.2.1-21.el5_3
  • freetype-demos-0:2.2.1-21.el5_3
  • freetype-devel-0:2.2.1-21.el5_3
  • freetype-0:2.0.3-17.el21
  • freetype-devel-0:2.0.3-17.el21
  • freetype-utils-0:2.0.3-17.el21
refmap via4
apple
  • APPLE-SA-2009-05-12
  • APPLE-SA-2009-06-08-1
  • APPLE-SA-2009-06-17-1
  • APPLE-SA-2010-11-10-1
bid 34550
cert TA09-133A
confirm
debian DSA-1784
gentoo GLSA-200905-05
mandriva MDVSA-2009:243
secunia
  • 34723
  • 34913
  • 34967
  • 35065
  • 35074
  • 35198
  • 35200
  • 35204
  • 35210
  • 35379
sunalert 270268
suse SUSE-SR:2009:010
ubuntu USN-767-1
vupen
  • ADV-2009-1058
  • ADV-2009-1297
  • ADV-2009-1522
  • ADV-2009-1621
Last major update 05-04-2021 - 19:25
Published 17-04-2009 - 00:30
Last modified 05-04-2021 - 19:25
Back to Top