CVE-2009-0946

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=491384	Issue Tracking Patch Third Party Advisory
http://secunia.com/advisories/34723	Third Party Advisory
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b	Patch Third Party Advisory
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5	Patch Third Party Advisory
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e	Patch Third Party Advisory
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog	Release Notes Third Party Advisory
http://www.vupen.com/english/advisories/2009/1058	Third Party Advisory
http://www.securityfocus.com/bid/34550	Third Party Advisory VDB Entry
http://secunia.com/advisories/34913	Third Party Advisory
http://www.ubuntu.com/usn/USN-767-1	Third Party Advisory
http://secunia.com/advisories/34967	Third Party Advisory
http://www.debian.org/security/2009/dsa-1784	Third Party Advisory
http://secunia.com/advisories/35065	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html	Mailing List Third Party Advisory
http://www.vupen.com/english/advisories/2009/1297	Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA09-133A.html	Third Party Advisory US Government Resource
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html	Mailing List Third Party Advisory
http://secunia.com/advisories/35074	Third Party Advisory
http://support.apple.com/kb/HT3549	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1062.html	Third Party Advisory
http://secunia.com/advisories/35200	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1061.html	Third Party Advisory
http://secunia.com/advisories/35204	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-0329.html	Third Party Advisory
http://secunia.com/advisories/35198	Third Party Advisory
http://security.gentoo.org/glsa/glsa-200905-05.xml	Third Party Advisory
http://secunia.com/advisories/35210	Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	Broken Link
http://www.vupen.com/english/advisories/2009/1522	Third Party Advisory
http://support.apple.com/kb/HT3613	Third Party Advisory
http://secunia.com/advisories/35379	Third Party Advisory
http://www.vupen.com/english/advisories/2009/1621	Third Party Advisory
http://support.apple.com/kb/HT3639	Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html	Mailing List Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1	Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:243	Third Party Advisory
http://support.apple.com/kb/HT4435	Broken Link
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	Mailing List Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:4.0:::::::*
	cpe:2.3:o:debian:debian_linux:5.0:::::::*
	cpe:2.3:o:debian:debian_linux:6.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:opensuse:opensuse:10.3:::::::*
	cpe:2.3:o:opensuse:opensuse:11.0:::::::*
	cpe:2.3:o:opensuse:opensuse:11.1:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:10:-::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:-::::::

Configuration 5 (hide)

OR	cpe:2.3:a:apple:safari:4.0:::::::*
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x:10.4.11:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.8:::::::*
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x_server:10.4.11:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.8:::::::*
	cpe:2.3:o:apple:mac_os_x_server::::::::

Information

Published : 2009-04-16 17:30

Updated : 2021-04-05 12:25

NVD link : CVE-2009-0946

Mitre link : CVE-2009-0946

JSON object : View

CWE

CWE-190

Integer Overflow or Wraparound

Products Affected

apple

mac_os_x_server
mac_os_x
safari
iphone_os

freetype

freetype

canonical

ubuntu_linux

debian

debian_linux

suse

linux_enterprise_server

opensuse

opensuse

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=491384", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=491384", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/34723", "name": "34723", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b", "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5", "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e", "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog", "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog", "tags": ["Release Notes", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2009/1058", "name": "ADV-2009-1058", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/bid/34550", "name": "34550", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/34913", "name": "34913", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.ubuntu.com/usn/USN-767-1", "name": "USN-767-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/34967", "name": "34967", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2009/dsa-1784", "name": "DSA-1784", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/35065", "name": "35065", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html", "name": "SUSE-SR:2009:010", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://www.vupen.com/english/advisories/2009/1297", "name": "ADV-2009-1297", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", "name": "TA09-133A", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT"}, {"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", "name": "APPLE-SA-2009-05-12", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "APPLE"}, {"url": "http://secunia.com/advisories/35074", "name": "35074", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://support.apple.com/kb/HT3549", "name": "http://support.apple.com/kb/HT3549", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-1062.html", "name": "RHSA-2009:1062", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/35200", "name": "35200", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-1061.html", "name": "RHSA-2009:1061", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/35204", "name": "35204", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-0329.html", "name": "RHSA-2009:0329", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/35198", "name": "35198", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://security.gentoo.org/glsa/glsa-200905-05.xml", "name": "GLSA-200905-05", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "http://secunia.com/advisories/35210", "name": "35210", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html", "name": "APPLE-SA-2009-06-08-1", "tags": ["Broken Link"], "refsource": "APPLE"}, {"url": "http://www.vupen.com/english/advisories/2009/1522", "name": "ADV-2009-1522", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://support.apple.com/kb/HT3613", "name": "http://support.apple.com/kb/HT3613", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/35379", "name": "35379", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2009/1621", "name": "ADV-2009-1621", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://support.apple.com/kb/HT3639", "name": "http://support.apple.com/kb/HT3639", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html", "name": "APPLE-SA-2009-06-17-1", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "APPLE"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1", "name": "270268", "tags": ["Broken Link"], "refsource": "SUNALERT"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:243", "name": "MDVSA-2009:243", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://support.apple.com/kb/HT4435", "name": "http://support.apple.com/kb/HT4435", "tags": ["Broken Link"], "refsource": "CONFIRM"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html", "name": "APPLE-SA-2010-11-10-1", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "APPLE"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149", "name": "oval:org.mitre.oval:def:10149", "tags": ["Third Party Advisory"], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-190"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-0946", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-04-17T00:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.3.9"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.2.1", "versionStartIncluding": "1.0.0"}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "10.6.4", "versionStartIncluding": "10.6.0"}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "10.6.4", "versionStartIncluding": "10.6.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-04-05T19:25Z"}

7.5 /10