CVE - CVE-2009-0946

CVE-ID
CVE-2009-0946	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5 CONFIRM:http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b CONFIRM:http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e CONFIRM:http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=491384 CONFIRM:http://support.apple.com/kb/HT3549 CONFIRM:http://support.apple.com/kb/HT3613 CONFIRM:http://support.apple.com/kb/HT3639 CONFIRM:http://support.apple.com/kb/HT4435 APPLE:APPLE-SA-2009-05-12 URL:http://lists.apple.com/archives/security-announce/2009/May/msg00002.html APPLE:APPLE-SA-2009-06-08-1 URL:http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html APPLE:APPLE-SA-2009-06-17-1 URL:http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html APPLE:APPLE-SA-2010-11-10-1 URL:http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html DEBIAN:DSA-1784 URL:http://www.debian.org/security/2009/dsa-1784 GENTOO:GLSA-200905-05 URL:http://security.gentoo.org/glsa/glsa-200905-05.xml MANDRIVA:MDVSA-2009:243 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:243 REDHAT:RHSA-2009:0329 URL:http://www.redhat.com/support/errata/RHSA-2009-0329.html REDHAT:RHSA-2009:1061 URL:http://www.redhat.com/support/errata/RHSA-2009-1061.html REDHAT:RHSA-2009:1062 URL:http://www.redhat.com/support/errata/RHSA-2009-1062.html SUNALERT:270268 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1 SUSE:SUSE-SR:2009:010 URL:http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html UBUNTU:USN-767-1 URL:http://www.ubuntu.com/usn/USN-767-1 CERT:TA09-133A URL:http://www.us-cert.gov/cas/techalerts/TA09-133A.html BID:34550 URL:http://www.securityfocus.com/bid/34550 OVAL:oval:org.mitre.oval:def:10149 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149 SECUNIA:34723 URL:http://secunia.com/advisories/34723 SECUNIA:34913 URL:http://secunia.com/advisories/34913 SECUNIA:34967 URL:http://secunia.com/advisories/34967 SECUNIA:35065 URL:http://secunia.com/advisories/35065 SECUNIA:35074 URL:http://secunia.com/advisories/35074 SECUNIA:35198 URL:http://secunia.com/advisories/35198 SECUNIA:35200 URL:http://secunia.com/advisories/35200 SECUNIA:35204 URL:http://secunia.com/advisories/35204 SECUNIA:35210 URL:http://secunia.com/advisories/35210 SECUNIA:35379 URL:http://secunia.com/advisories/35379 VUPEN:ADV-2009-1058 URL:http://www.vupen.com/english/advisories/2009/1058 VUPEN:ADV-2009-1297 URL:http://www.vupen.com/english/advisories/2009/1297 VUPEN:ADV-2009-1522 URL:http://www.vupen.com/english/advisories/2009/1522 VUPEN:ADV-2009-1621 URL:http://www.vupen.com/english/advisories/2009/1621
Assigning CNA
N/A
Date Entry Created
20090318	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090318)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.