Lucene search
UbuntuUSN-767-1HistoryApr 27, 2009 - 12:00 a.m.
FreeType vulnerability
2009-04-2700:00:00
ubuntu.com
31
9.9 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.036 Low
EPSS
Percentile
91.6%
Releases
- Ubuntu 9.04
- Ubuntu 8.10
- Ubuntu 8.04
- Ubuntu 6.06
Packages
- freetype -
Details
Tavis Ormandy discovered that FreeType did not correctly handle certain
large values in font files. If a user were tricked into using a specially
crafted font file, a remote attacker could execute arbitrary code with user
privileges.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 9.04 | noarch | libfreetype6 | <Β 2.3.9-4ubuntu0.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | freetype2-demos | <Β 2.3.9-4ubuntu0.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libfreetype6 | <Β dev-2.3.9-4ubuntu0.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libfreetype6 | <Β udeb-2.3.9-4ubuntu0.1 | UNKNOWN |
| Ubuntu | 8.10 | noarch | libfreetype6 | <Β 2.3.7-2ubuntu1.1 | UNKNOWN |
| Ubuntu | 8.10 | noarch | freetype2-demos | <Β 2.3.7-2ubuntu1.1 | UNKNOWN |
| Ubuntu | 8.10 | noarch | libfreetype6-dev | <Β 2.3.7-2ubuntu1.1 | UNKNOWN |
| Ubuntu | 8.10 | noarch | libfreetype6-udeb | <Β 2.3.7-2ubuntu1.1 | UNKNOWN |
| Ubuntu | 8.04 | noarch | libfreetype6 | <Β 2.3.5-1ubuntu4.8.04.2 | UNKNOWN |
| Ubuntu | 8.04 | noarch | freetype2-demos | <Β 2.3.5-1ubuntu4.8.04.2 | UNKNOWN |
References
Related
veracode
veracode
Integer Overflows
2020-04-10 00:31:38
nessus
nessus
SuSE 10 Security Update : freetype2 (ZYPP Patch Number 6181)
2009-09-24 00:00:00
SuSE9 Security Update : freetype2 (YOU Patch Number 12398)
2009-09-24 00:00:00
openSUSE Security Update : freetype2 (freetype2-794)
2009-07-21 00:00:00
securityvulns
securityvulns
FreeType integer overflows
2009-05-25 00:00:00
[ GLSA 200905-05 ] FreeType: Multiple vulnerabilities
2009-05-25 00:00:00
About the security content of Security Update 2009-002 / Mac OS X v10.5.7
2009-05-14 00:00:00
openvas
openvas
SLES10: Security update for freetype2
2009-10-13 00:00:00
Mandrake Security Advisory MDVSA-2009:243 (freetype2)
2009-09-28 00:00:00
CentOS Security Advisory CESA-2009:1061 (freetype)
2009-05-25 00:00:00
redhat
redhat
(RHSA-2009:1061) Important: freetype security update
2009-05-22 00:00:00
(RHSA-2009:1062) Important: freetype security update
2009-05-22 00:00:00
(RHSA-2009:0329) Important: freetype security update
2009-05-22 00:00:00
debiancve
debiancve
CVE-2009-0946
2009-04-17 00:30:00
seebug
seebug
FreeTypeε€δΈͺζ΄ζ°ζΊ’εΊζΌζ΄
2009-04-28 00:00:00
prion
prion
Integer overflow
2009-04-17 00:30:00
osv
osv
freetype - arbitrary code execution
2009-04-30 00:00:00
ubuntucve
ubuntucve
CVE-2009-0946
2009-04-17 00:00:00
gentoo
gentoo
FreeType: Multiple vulnerabilities
2009-05-24 00:00:00
Multiple packages, Multiple vulnerabilities fixed in 2010
2014-12-11 00:00:00
freebsd
freebsd
freetype2 -- multiple vulnerabilities
2009-04-16 00:00:00
oraclelinux
oraclelinux
freetype security update
2009-05-22 00:00:00
freetype security update
2009-05-26 00:00:00
cve
cve
CVE-2009-0946
2009-04-17 00:30:00
debian
debian
[SECURITY] [DSA 1784-1] New freetype packages fix arbitrary code execution
2009-04-30 18:14:37
centos
centos
freetype security update
2009-05-22 21:25:29
freetype security update
2009-05-22 14:02:05
9.9 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.036 Low
EPSS
Percentile
91.6%
Related for USN-767-1