ID 20B4F284-2BFC-11DE-BDEB-0030843D3802 Type freebsd Reporter FreeBSD Modified 2009-04-16T00:00:00
Description
Secunia reports:
Some vulnerabilities have been reported in FreeType, which can be
exploited by malicious people to potentially compromise an application
using the library.
An integer overflow error within the "cff_charset_compute_cids()"
function in cff/cffload.c can be exploited to potentially cause a
heap-based buffer overflow via a specially crafted font.
Multiple integer overflow errors within validation functions in
sfnt/ttcmap.c can be exploited to bypass length validations and
potentially cause buffer overflows via specially crafted fonts.
An integer overflow error within the "ft_smooth_render_generic()"
function in smooth/ftsmooth.c can be exploited to potentially cause a
heap-based buffer overflow via a specially crafted font.
{"reporter": "FreeBSD", "published": "2009-04-16T00:00:00", "cvelist": ["CVE-2009-0946"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.3.9_1", "packageFilename": "UNKNOWN", "packageName": "freetype2", "arch": "noarch", "operator": "lt"}], "title": "freetype2 -- multiple vulnerabilities", "objectVersion": "1.2", "type": "freebsd", "href": "https://vuxml.freebsd.org/freebsd/20b4f284-2bfc-11de-bdeb-0030843d3802.html", "bulletinFamily": "unix", "hashmap": [{"hash": "74db5fd75bc46809096d4cfa0bd94b36", "key": "affectedPackage"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "9f58891bbf681f188b275a665b811217", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "503b1c72a74fee86bb2aabadc9981c16", "key": "description"}, {"hash": "8bfba2029bbff6cd9dd5d6d7fdb791a7", "key": "href"}, {"hash": "d73da2fab595cc95d23fce85840a4051", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "d73da2fab595cc95d23fce85840a4051", "key": "published"}, {"hash": "d749579aedd893cfab4138598f49fefa", "key": "references"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "4f8656d07c31191716a85f6681dd2a8f", "key": "title"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "cfcd208495d565ef66e7dff9f98764da", "key": "viewCount"}], "history": [], "enchantments": {"vulnersScore": 7.5}, "modified": "2009-04-16T00:00:00", "hash": "74f655ab103bbd3371d10d675d75c5bb4effef83b40ae1a7aa234a7b2004847a", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "viewCount": 0, "edition": 1, "description": "\nSecunia reports:\n\nSome vulnerabilities have been reported in FreeType, which can be\n\t exploited by malicious people to potentially compromise an application\n\t using the library.\nAn integer overflow error within the \"cff_charset_compute_cids()\"\n\t function in cff/cffload.c can be exploited to potentially cause a\n\t heap-based buffer overflow via a specially crafted font.\nMultiple integer overflow errors within validation functions in\n\t sfnt/ttcmap.c can be exploited to bypass length validations and\n\t potentially cause buffer overflows via specially crafted fonts.\nAn integer overflow error within the \"ft_smooth_render_generic()\"\n\t function in smooth/ftsmooth.c can be exploited to potentially cause a\n\t heap-based buffer overflow via a specially crafted font.\n\n", "references": ["http://secunia.com/advisories/34723/"], "id": "20B4F284-2BFC-11DE-BDEB-0030843D3802", "lastseen": "2016-09-26T17:24:53"}
{"result": {"cve": [{"id": "CVE-2009-0946", "type": "cve", "title": "CVE-2009-0946", "description": "Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.", "published": "2009-04-16T20:30:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0946", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-09-29T14:26:32"}], "nessus": [{"id": "SUSE9_12398.NASL", "type": "nessus", "title": "SuSE9 Security Update : freetype2 (YOU Patch Number 12398)", "description": "Freetype was updated to fix some integer overflows that can be exploited remotely in conjunction with programs like a web-browser.\n(CVE-2009-0946) Thanks to Tavis Ormandy who found the bugs.", "published": "2009-09-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=41294", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-10-29T13:45:25"}, {"id": "DEBIAN_DSA-1784.NASL", "type": "nessus", "title": "Debian DSA-1784-1 : freetype - integer overflows", "description": "Tavis Ormandy discovered several integer overflows in FreeType, a library to process and access font files, resulting in heap- or stack-based buffer overflows leading to application crashes or the execution of arbitrary code via a crafted font file.", "published": "2009-05-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=38656", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-10-29T13:42:22"}, {"id": "GENTOO_GLSA-200905-05.NASL", "type": "nessus", "title": "GLSA-200905-05 : FreeType: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200905-05 (FreeType: Multiple vulnerabilities)\n\n Tavis Ormandy reported multiple integer overflows in the cff_charset_compute_cids() function in cff/cffload.c, sfnt/tccmap.c and the ft_smooth_render_generic() function in smooth/ftsmooth.c, possibly leading to heap or stack-based buffer overflows.\n Impact :\n\n A remote attacker could entice a user or automated system to open a specially crafted font file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "published": "2009-05-26T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=38886", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-10-29T13:39:40"}, {"id": "SUSE_11_1_FREETYPE2-090416.NASL", "type": "nessus", "title": "openSUSE Security Update : freetype2 (freetype2-794)", "description": "Freetype was updated to fix some integer overflows that can be exploited remotely in conjunction with programs like a web-browser.\n(CVE-2009-0946) Thanks to Tavis Ormandy who found the bugs.", "published": "2009-07-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40217", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-10-29T13:39:25"}, {"id": "FREEBSD_PKG_20B4F2842BFC11DEBDEB0030843D3802.NASL", "type": "nessus", "title": "FreeBSD : freetype2 -- multiple vulnerabilities (20b4f284-2bfc-11de-bdeb-0030843d3802)", "description": "Secunia reports :\n\nSome vulnerabilities have been reported in FreeType, which can be exploited by malicious people to potentially compromise an application using the library.\n\nAn integer overflow error within the 'cff_charset_compute_cids()' function in cff/cffload.c can be exploited to potentially cause a heap-based buffer overflow via a specially crafted font.\n\nMultiple integer overflow errors within validation functions in sfnt/ttcmap.c can be exploited to bypass length validations and potentially cause buffer overflows via specially crafted fonts.\n\nAn integer overflow error within the 'ft_smooth_render_generic()' function in smooth/ftsmooth.c can be exploited to potentially cause a heap-based buffer overflow via a specially crafted font.", "published": "2009-04-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=36191", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-10-29T13:34:29"}, {"id": "ORACLELINUX_ELSA-2009-1061.NASL", "type": "nessus", "title": "Oracle Linux 5 : freetype (ELSA-2009-1061)", "description": "From Red Hat Security Advisory 2009:1061 :\n\nUpdated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine.\n\nTavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946)\n\nUsers are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.", "published": "2013-07-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67864", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-10-29T13:41:42"}, {"id": "SUSE_11_0_FREETYPE2-090417.NASL", "type": "nessus", "title": "openSUSE Security Update : freetype2 (freetype2-794)", "description": "Freetype was updated to fix some integer overflows that can be exploited remotely in conjunction with programs like a web-browser.\n(CVE-2009-0946) Thanks to Tavis Ormandy who found the bugs.", "published": "2009-07-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=39965", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-10-29T13:38:30"}, {"id": "SUSE_11_FREETYPE2-090416.NASL", "type": "nessus", "title": "SuSE 11 Security Update : freetype2 (SAT Patch Number 792)", "description": "Freetype was updated to fix some integer overflows that can be exploited remotely in conjunction with programs like a web-browser.\n(CVE-2009-0946) Thanks to Tavis Ormandy who found the bugs.", "published": "2009-09-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=41393", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-10-29T13:36:58"}, {"id": "UBUNTU_USN-767-1.NASL", "type": "nessus", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : freetype vulnerability (USN-767-1)", "description": "Tavis Ormandy discovered that FreeType did not correctly handle certain large values in font files. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2009-04-28T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=38196", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-10-29T13:37:19"}, {"id": "SUSE_FREETYPE2-6185.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : freetype2 (freetype2-6185)", "description": "Freetype was updated to fix some integer overflows that can be exploited remotely in conjunction with programs like a web-browser.\n(CVE-2009-0946) Thanks to Tavis Ormandy who found the bugs.", "published": "2009-05-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=38684", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-10-29T13:43:13"}], "redhat": [{"id": "RHSA-2009:1061", "type": "redhat", "title": "(RHSA-2009:1061) Important: freetype security update", "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide the FreeType 2 font engine.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.", "published": "2009-05-22T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1061", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-09-09T07:20:21"}, {"id": "RHSA-2009:1062", "type": "redhat", "title": "(RHSA-2009:1062) Important: freetype security update", "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide both the FreeType 1 and FreeType 2\nfont engines.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861 and CVE-2007-2754\nflaws were addressed via RHSA-2006:0500 and RHSA-2007:0403 respectively.\nThis update provides corresponding updates for the FreeType 1 font engine,\nincluded in the freetype packages distributed in Red Hat Enterprise Linux\n2.1.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.", "published": "2009-05-22T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1062", "cvelist": ["CVE-2006-1861", "CVE-2007-2754", "CVE-2009-0946"], "lastseen": "2018-03-14T15:44:10"}, {"id": "RHSA-2009:0329", "type": "redhat", "title": "(RHSA-2009:0329) Important: freetype security update", "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide both the FreeType 1 and FreeType 2\nfont engines.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when the\nTrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user\nloaded a carefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as distributed\nin Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType\nBCI support. A fix for this flaw has been included in this update as users\nmay choose to recompile the freetype packages in order to enable TrueType\nBCI support. Red Hat does not, however, provide support for modified and\nrecompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,\nand CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,\nand RHSA-2008:0556 respectively. This update provides corresponding\nupdates for the FreeType 1 font engine, included in the freetype packages\ndistributed in Red Hat Enterprise Linux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.", "published": "2009-05-22T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:0329", "cvelist": ["CVE-2006-1861", "CVE-2007-2754", "CVE-2008-1808", "CVE-2009-0946"], "lastseen": "2018-05-27T21:43:23"}], "seebug": [{"id": "SSV:5124", "type": "seebug", "title": "FreeType\u591a\u4e2a\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e", "description": "BUGTRAQ ID: 34550\r\nCVE(CAN) ID: CVE-2009-0946\r\n\r\nFreeType\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5b57\u4f53\u51fd\u6570\u5e93\u3002\r\n\r\nFreeType\u5e93\u7684cff/cffload.c\u6587\u4ef6\u4e2d\u7684cff_charset_compute_cids()\u51fd\u6570\u3001smooth /ftsmooth.c\u6587\u4ef6\u4e2d\u7684ft_smooth_render_generic()\u51fd\u6570\u53casfnt/ttcmap.c\u6587\u4ef6\u4e2d\u7684\u591a\u4e2a\u9a8c\u8bc1\u51fd\u6570\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5982\u679c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u7578\u5f62\u7684\u5b57\u4f53\u6587\u4ef6\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u89e6\u53d1\u8fd9\u4e9b\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nFreeType 2.3.9\n FreeType\r\n--------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b target=_blank rel=external nofollow>http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b</a>\r\n<a href=http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e target=_blank rel=external nofollow>http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e</a>\r\n<a href=http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0a05ba257b6ddd87dacf8d54b626e4b360e0a596 target=_blank rel=external nofollow>http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0a05ba257b6ddd87dacf8d54b626e4b360e0a596</a>\r\n<a href=http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5 target=_blank rel=external nofollow>http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5</a>", "published": "2009-04-28T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-5124", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-11-19T21:19:25"}], "openvas": [{"id": "OPENVAS:64954", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:243 (freetype2)", "description": "The remote host is missing an update to freetype2\nannounced via advisory MDVSA-2009:243.", "published": "2009-09-28T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64954", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-07-24T12:56:08"}, {"id": "OPENVAS:65100", "type": "openvas", "title": "SLES9: Security update for freetype2", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n freetype2\n freetype2-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5048794 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65100", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-07-26T08:55:13"}, {"id": "OPENVAS:63936", "type": "openvas", "title": "Debian Security Advisory DSA 1784-1 (freetype)", "description": "The remote host is missing an update to freetype\nannounced via advisory DSA 1784-1.", "published": "2009-05-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=63936", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-07-24T12:55:59"}, {"id": "OPENVAS:136141256231064053", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1061 (freetype)", "description": "The remote host is missing updates to freetype announced in\nadvisory CESA-2009:1061.", "published": "2009-05-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064053", "cvelist": ["CVE-2009-0946"], "lastseen": "2018-04-06T11:37:51"}, {"id": "OPENVAS:136141256231065770", "type": "openvas", "title": "SLES10: Security update for freetype2", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n freetype2\n freetype2-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "published": "2009-10-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065770", "cvelist": ["CVE-2009-0946"], "lastseen": "2018-04-06T11:40:37"}, {"id": "OPENVAS:136141256231065100", "type": "openvas", "title": "SLES9: Security update for freetype2", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n freetype2\n freetype2-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5048794 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065100", "cvelist": ["CVE-2009-0946"], "lastseen": "2018-04-06T11:37:19"}, {"id": "OPENVAS:65663", "type": "openvas", "title": "SLES11: Security update for freetype2", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n freetype2\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "published": "2009-10-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65663", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-07-26T08:55:27"}, {"id": "OPENVAS:63862", "type": "openvas", "title": "FreeBSD Ports: freetype2", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2009-04-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=63862", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-07-02T21:14:08"}, {"id": "OPENVAS:1361412562310122482", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-1061", "description": "Oracle Linux Local Security Checks ELSA-2009-1061", "published": "2015-10-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122482", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-07-24T12:52:59"}, {"id": "OPENVAS:880811", "type": "openvas", "title": "CentOS Update for freetype CESA-2009:1061 centos5 i386", "description": "Check for the Version of freetype", "published": "2011-08-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880811", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-07-25T10:55:47"}], "debian": [{"id": "DSA-1784", "type": "debian", "title": "freetype -- integer overflows", "description": "Tavis Ormandy discovered several integer overflows in FreeType, a library to process and access font files, resulting in heap- or stack-based buffer overflows leading to application crashes or the execution of arbitrary code via a crafted font file.\n\nFor the oldstable distribution (etch), this problem has been fixed in version 2.2.1-5+etch4.\n\nFor the stable distribution (lenny), this problem has been fixed in version 2.3.7-2+lenny1.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in version 2.3.9-4.1.\n\nWe recommend that you upgrade your freetype packages.", "published": "2009-04-30T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1784", "cvelist": ["CVE-2009-0946"], "lastseen": "2016-09-02T18:29:59"}], "ubuntu": [{"id": "USN-767-1", "type": "ubuntu", "title": "FreeType vulnerability", "description": "Tavis Ormandy discovered that FreeType did not correctly handle certain large values in font files. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges.", "published": "2009-04-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/767-1/", "cvelist": ["CVE-2009-0946"], "lastseen": "2018-03-29T18:19:44"}], "oraclelinux": [{"id": "ELSA-2009-1061", "type": "oraclelinux", "title": "freetype security update", "description": "[2.2.1-21]\n- Add freetype-2009-CVEs.patch\n- Resolves: #496111 ", "published": "2009-05-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2009-1061.html", "cvelist": ["CVE-2009-0946"], "lastseen": "2016-09-04T11:15:55"}, {"id": "ELSA-2009-0329", "type": "oraclelinux", "title": "freetype security update", "description": "[2.1.9-10.el4.7]\n- Improve freetype-1.4pre-CVE-2008-1808.patch\n[2.1.9-9.el4.7]\n- Add freetype-2009-CVEs.patch (Fixes CVE-2009-0946)\n (Doesn't apply to freetype1)\n- Add freetype-1.4pre-CVE-2008-1808.patch\n (Corresponds to freetype-2.3.5-CVEs.patch)\n- Add freetype-pre1.4-ttf-overflow.patch\n (Corresponds to freetype-2.1.9-ttf-overflow.patch;\n freetype-2.2.1-bdf-overflow.patch doesn't apply to freetype1)\n- Add freetype-pre1.4-CVE-2006-1861-null-pointer.patch\n (Corresponds to freetype-2.1.9-CVE-2006-1861-null-pointer.patch;\n The rest of CVS-2006-1861 doesn't apply to freetype1)\n- Resolves: #484443\n[2.1.9-8.1.el4]\n- Update patches to remove fuzz, such that it builds again\n- In preparation to fix:\n- Resolves: #484443", "published": "2009-05-26T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2009-0329.html", "cvelist": ["CVE-2009-0946", "CVE-2008-1808", "CVE-2007-2754", "CVE-2006-1861"], "lastseen": "2016-09-04T11:16:48"}], "gentoo": [{"id": "GLSA-200905-05", "type": "gentoo", "title": "FreeType: Multiple vulnerabilities", "description": "### Background\n\nFreeType is a high-quality and portable font engine. \n\n### Description\n\nTavis Ormandy reported multiple integer overflows in the cff_charset_compute_cids() function in cff/cffload.c, sfnt/tccmap.c and the ft_smooth_render_generic() function in smooth/ftsmooth.c, possibly leading to heap or stack-based buffer overflows. \n\n### Impact\n\nA remote attacker could entice a user or automated system to open a specially crafted font file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll FreeType users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/freetype-2.3.9-r1\"", "published": "2009-05-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200905-05", "cvelist": ["CVE-2009-0946"], "lastseen": "2016-09-06T19:46:57"}, {"id": "GLSA-201412-08", "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2010", "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * Insight\n * Perl Tk Module\n * Source-Navigator\n * Tk\n * Partimage\n * Mlmmj\n * acl\n * Xinit\n * gzip\n * ncompress\n * liblzw\n * splashutils\n * GNU M4\n * KDE Display Manager\n * GTK+\n * KGet\n * dvipng\n * Beanstalk\n * Policy Mount\n * pam_krb5\n * GNU gv\n * LFTP\n * Uzbl\n * Slim\n * Bitdefender Console\n * iputils\n * DVBStreamer\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll Insight users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/insight-6.7.1-r1\"\n \n\nAll Perl Tk Module users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-perl/perl-tk-804.028-r2\"\n \n\nAll Source-Navigator users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/sourcenav-5.1.4\"\n \n\nAll Tk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/tk-8.4.18-r1\"\n \n\nAll Partimage users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-block/partimage-0.6.8\"\n \n\nAll Mlmmj users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-mail/mlmmj-1.2.17.1\"\n \n\nAll acl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/acl-2.2.49\"\n \n\nAll Xinit users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-apps/xinit-1.2.0-r4\"\n \n\nAll gzip users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/gzip-1.4\"\n \n\nAll ncompress users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/ncompress-4.2.4.3\"\n \n\nAll liblzw users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/liblzw-0.2\"\n \n\nAll splashutils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-gfx/splashutils-1.5.4.3-r3\"\n \n\nAll GNU M4 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/m4-1.4.14-r1\"\n \n\nAll KDE Display Manager users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdm-4.3.5-r1\"\n \n\nAll GTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/gtk+-2.18.7\"\n \n\nAll KGet 4.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kget-4.3.5-r1\"\n \n\nAll dvipng users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/dvipng-1.13\"\n \n\nAll Beanstalk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-misc/beanstalkd-1.4.6\"\n \n\nAll Policy Mount users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/pmount-0.9.23\"\n \n\nAll pam_krb5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-auth/pam_krb5-4.3\"\n \n\nAll GNU gv users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/gv-3.7.1\"\n \n\nAll LFTP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-ftp/lftp-4.0.6\"\n \n\nAll Uzbl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/uzbl-2010.08.05\"\n \n\nAll Slim users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-misc/slim-1.3.2\"\n \n\nAll iputils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/iputils-20100418\"\n \n\nAll DVBStreamer users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-tv/dvbstreamer-1.1-r1\"\n \n\nGentoo has discontinued support for Bitdefender Console. We recommend that users unmerge Bitdefender Console: \n \n \n # emerge --unmerge \"app-antivirus/bitdefender-console\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2011. It is likely that your system is already no longer affected by these issues.", "published": "2014-12-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201412-08", "cvelist": ["CVE-2010-2060", "CVE-2009-4411", "CVE-2008-0553", "CVE-2009-0946", "CVE-2010-1511", "CVE-2009-0361", "CVE-2008-6218", "CVE-2008-5907", "CVE-2010-0436", "CVE-2010-1205", "CVE-2007-2741", "CVE-2010-0829", "CVE-2009-4896", "CVE-2010-2945", "CVE-2010-2809", "CVE-2009-0040", "CVE-2010-2192", "CVE-2010-2056", "CVE-2009-2042", "CVE-2010-0001", "CVE-2008-6661", "CVE-2010-2529", "CVE-2009-4029", "CVE-2006-3005", "CVE-2010-2251", "CVE-2009-0360", "CVE-2010-0732", "CVE-2008-1382", "CVE-2009-3736", "CVE-2010-1000", "CVE-2009-2624"], "lastseen": "2016-09-06T19:46:16"}], "centos": [{"id": "CESA-2009:1061", "type": "centos", "title": "freetype security update", "description": "**CentOS Errata and Security Advisory** CESA-2009:1061\n\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide the FreeType 2 font engine.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015893.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015894.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1061.html", "published": "2009-05-22T22:25:29", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2009-May/015893.html", "cvelist": ["CVE-2009-0946"], "lastseen": "2017-10-03T18:24:56"}, {"id": "CESA-2009:0329", "type": "centos", "title": "freetype security update", "description": "**CentOS Errata and Security Advisory** CESA-2009:0329\n\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide both the FreeType 1 and FreeType 2\nfont engines.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when the\nTrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user\nloaded a carefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as distributed\nin Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType\nBCI support. A fix for this flaw has been included in this update as users\nmay choose to recompile the freetype packages in order to enable TrueType\nBCI support. Red Hat does not, however, provide support for modified and\nrecompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,\nand CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,\nand RHSA-2008:0556 respectively. This update provides corresponding\nupdates for the FreeType 1 font engine, included in the freetype packages\ndistributed in Red Hat Enterprise Linux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015887.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015888.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015932.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015934.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015936.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015939.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\nfreetype-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-0329.html", "published": "2009-05-22T15:02:05", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2009-May/015887.html", "cvelist": ["CVE-2009-0946", "CVE-2008-1808", "CVE-2007-2754", "CVE-2006-1861"], "lastseen": "2017-10-03T18:24:49"}]}}
