Search for vulnerabilities
Vulnerability details: VCID-k3fd-zdmc-sqcr
Vulnerability ID VCID-k3fd-zdmc-sqcr
Aliases CVE-2015-9290
Summary In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-125 Out-of-bounds Read
System Score Found at
cvssv3 6.2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9290.json
epss 0.005 https://api.first.org/data/v1/epss?cve=CVE-2015-9290
epss 0.005 https://api.first.org/data/v1/epss?cve=CVE-2015-9290
epss 0.005 https://api.first.org/data/v1/epss?cve=CVE-2015-9290
epss 0.005 https://api.first.org/data/v1/epss?cve=CVE-2015-9290
epss 0.005 https://api.first.org/data/v1/epss?cve=CVE-2015-9290
epss 0.005 https://api.first.org/data/v1/epss?cve=CVE-2015-9290
epss 0.005 https://api.first.org/data/v1/epss?cve=CVE-2015-9290
epss 0.005 https://api.first.org/data/v1/epss?cve=CVE-2015-9290
epss 0.005 https://api.first.org/data/v1/epss?cve=CVE-2015-9290
epss 0.005 https://api.first.org/data/v1/epss?cve=CVE-2015-9290
epss 0.005 https://api.first.org/data/v1/epss?cve=CVE-2015-9290
epss 0.005 https://api.first.org/data/v1/epss?cve=CVE-2015-9290
epss 0.005 https://api.first.org/data/v1/epss?cve=CVE-2015-9290
epss 0.005 https://api.first.org/data/v1/epss?cve=CVE-2015-9290
epss 0.005 https://api.first.org/data/v1/epss?cve=CVE-2015-9290
epss 0.005 https://api.first.org/data/v1/epss?cve=CVE-2015-9290
epss 0.005 https://api.first.org/data/v1/epss?cve=CVE-2015-9290
epss 0.005 https://api.first.org/data/v1/epss?cve=CVE-2015-9290
cvssv3 3.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2015-9290
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2015-9290
Reference id Reference type URL
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=e3058617f384cb6709f3878f753fa17aca9e3a30
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9290.json
https://api.first.org/data/v1/epss?cve=CVE-2015-9290
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9290
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2019/08/msg00019.html
https://savannah.nongnu.org/bugs/?45923
https://support.f5.com/csp/article/K38315305
https://support.f5.com/csp/article/K38315305?utm_source=f5support&amp%3Butm_medium=RSS
1741802 https://bugzilla.redhat.com/show_bug.cgi?id=1741802
cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*
CVE-2015-9290 https://nvd.nist.gov/vuln/detail/CVE-2015-9290
No exploits are available.
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9290.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2015-9290
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2015-9290
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.64921
EPSS Score 0.005
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T10:04:10.801120+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2015-9290 37.0.0