Vulnerability details: VCID-5efc-3mxh-aaaq
Vulnerability ID VCID-5efc-3mxh-aaaq
Aliases CVE-2009-0946
Summary Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2009:0329
rhas Important https://access.redhat.com/errata/RHSA-2009:1061
rhas Important https://access.redhat.com/errata/RHSA-2009:1062
epss 0.04372 https://api.first.org/data/v1/epss?cve=CVE-2009-0946
epss 0.11816 https://api.first.org/data/v1/epss?cve=CVE-2009-0946
epss 0.19002 https://api.first.org/data/v1/epss?cve=CVE-2009-0946
epss 0.25729 https://api.first.org/data/v1/epss?cve=CVE-2009-0946
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2009-0946
Reference id Reference type URL
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0946.json
https://api.first.org/data/v1/epss?cve=CVE-2009-0946
https://bugzilla.redhat.com/show_bug.cgi?id=491384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946
http://secunia.com/advisories/34723
http://secunia.com/advisories/34913
http://secunia.com/advisories/34967
http://secunia.com/advisories/35065
http://secunia.com/advisories/35074
http://secunia.com/advisories/35198
http://secunia.com/advisories/35200
http://secunia.com/advisories/35204
http://secunia.com/advisories/35210
http://secunia.com/advisories/35379
http://security.gentoo.org/glsa/glsa-200905-05.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1
http://support.apple.com/kb/HT3549
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
http://support.apple.com/kb/HT4435
http://www.debian.org/security/2009/dsa-1784
http://www.mandriva.com/security/advisories?name=MDVSA-2009:243
http://www.redhat.com/support/errata/RHSA-2009-0329.html
http://www.redhat.com/support/errata/RHSA-2009-1061.html
http://www.redhat.com/support/errata/RHSA-2009-1062.html
http://www.securityfocus.com/bid/34550
http://www.ubuntu.com/usn/USN-767-1
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2009/1058
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
524925 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524925
cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
CVE-2009-0946 https://nvd.nist.gov/vuln/detail/CVE-2009-0946
GLSA-200905-05 https://security.gentoo.org/glsa/200905-05
GLSA-201412-08 https://security.gentoo.org/glsa/201412-08
RHSA-2009:0329 https://access.redhat.com/errata/RHSA-2009:0329
RHSA-2009:1061 https://access.redhat.com/errata/RHSA-2009:1061
RHSA-2009:1062 https://access.redhat.com/errata/RHSA-2009:1062
USN-767-1 https://usn.ubuntu.com/767-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-0946
Access Vector (AV) network
Access Complexity (AC) low
Authentication (Au) none
Confidentiality Impact (C) partial
Integrity Impact (I) partial
Availability Impact (A) partial
Exploit Prediction Scoring System (EPSS)
Percentile 0.92566
EPSS Score 0.04372
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.