FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-0946

This CVE name corresponds to:

Entered: 2009-04-18
Topic: freetype2 -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2009-0946
Phase: Assigned (20090318)

Description

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

References

Source Reference
CONFIRM http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5
CONFIRM http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b
CONFIRM http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e
CONFIRM http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=491384
CONFIRM http://support.apple.com/kb/HT3549
CONFIRM http://support.apple.com/kb/HT3613
CONFIRM http://support.apple.com/kb/HT3639
CONFIRM http://support.apple.com/kb/HT4435
APPLE APPLE-SA-2009-05-12
APPLE APPLE-SA-2009-06-08-1
APPLE APPLE-SA-2009-06-17-1
APPLE APPLE-SA-2010-11-10-1
DEBIAN DSA-1784
GENTOO GLSA-200905-05
MANDRIVA MDVSA-2009:243
REDHAT RHSA-2009:0329
REDHAT RHSA-2009:1061
REDHAT RHSA-2009:1062
SUNALERT 270268
SUSE SUSE-SR:2009:010
UBUNTU USN-767-1
CERT TA09-133A
BID 34550
OVAL oval:org.mitre.oval:def:10149
SECUNIA 34723
SECUNIA 34913
SECUNIA 34967
SECUNIA 35065
SECUNIA 35074
SECUNIA 35198
SECUNIA 35200
SECUNIA 35204
SECUNIA 35210
SECUNIA 35379
VUPEN ADV-2009-1058
VUPEN ADV-2009-1297
VUPEN ADV-2009-1522
VUPEN ADV-2009-1621