7.5
CVE-2009-0946
- EPSS 8.54%
- Veröffentlicht 17.04.2009 00:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:10
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version4.0
Debian ≫ Debian Linux Version5.0
Debian ≫ Debian Linux Version6.0
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version8.04 SwEdition-
Canonical ≫ Ubuntu Linux Version8.10
Canonical ≫ Ubuntu Linux Version9.04
Suse ≫ Linux Enterprise Server Version10 Update-
Suse ≫ Linux Enterprise Server Version11 Update-
Apple ≫ macOS X Server Version >= 10.6.0 <= 10.6.4
Apple ≫ macOS X Server Version10.4.11
Apple ≫ macOS X Server Version10.5.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.54% | 0.944 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://secunia.com/advisories/35074
http://support.apple.com/kb/HT3549
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2009/1297
http://secunia.com/advisories/35200
http://secunia.com/advisories/35204
http://www.redhat.com/support/errata/RHSA-2009-0329.html
http://www.redhat.com/support/errata/RHSA-2009-1062.html
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://secunia.com/advisories/35379
http://support.apple.com/kb/HT3613
http://www.vupen.com/english/advisories/2009/1522
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://secunia.com/advisories/35065
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://support.apple.com/kb/HT3639
http://www.vupen.com/english/advisories/2009/1621
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://support.apple.com/kb/HT4435
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog
http://secunia.com/advisories/34723
http://secunia.com/advisories/34913
http://secunia.com/advisories/34967
http://secunia.com/advisories/35198
http://secunia.com/advisories/35210
http://security.gentoo.org/glsa/glsa-200905-05.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1
http://www.debian.org/security/2009/dsa-1784
http://www.mandriva.com/security/advisories?name=MDVSA-2009:243
http://www.redhat.com/support/errata/RHSA-2009-1061.html
http://www.securityfocus.com/bid/34550
http://www.ubuntu.com/usn/USN-767-1
http://www.vupen.com/english/advisories/2009/1058
https://bugzilla.redhat.com/show_bug.cgi?id=491384
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149