exploit the possibilities
Showing 1 - 7 of 7 RSS Feed

CVE-2009-0946

Status Candidate

Overview

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

Related Files

Gentoo Linux Security Advisory 201412-08
Posted Dec 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-8 - This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.

tags | advisory, remote, local, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2006-3005, CVE-2007-2741, CVE-2008-0553, CVE-2008-1382, CVE-2008-5907, CVE-2008-6218, CVE-2008-6661, CVE-2009-0040, CVE-2009-0360, CVE-2009-0361, CVE-2009-0946, CVE-2009-2042, CVE-2009-2624, CVE-2009-3736, CVE-2009-4029, CVE-2009-4411, CVE-2009-4896, CVE-2010-0001, CVE-2010-0436, CVE-2010-0732, CVE-2010-0829, CVE-2010-1000, CVE-2010-1205, CVE-2010-1511, CVE-2010-2056, CVE-2010-2060, CVE-2010-2192, CVE-2010-2251
MD5 | 4988293251dc9709a0f0caf5c1076c9b
Mandriva Linux Security Advisory 2009-243
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-243 - Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. This update corrects the problem. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-0946
MD5 | 613ea2bd0ca5908ef6ae9edf8d5cbe00
Mandriva Linux Security Advisory 2009-243
Posted Sep 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-243-1 - Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. This update corrects the problem. Correct a problem in the 2009.1 update of the lzw handling code.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-0946
MD5 | 558322b8b4f079f382f2970f26da9977
Mandriva Linux Security Advisory 2009-243
Posted Sep 24, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-243 - Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. This update corrects the problem.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-0946
MD5 | d0691cb8ce8831e678bb916153235ff9
Gentoo Linux Security Advisory 200905-5
Posted May 25, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200905-05 - Multiple integer overflows in FreeType might allow for the remote execution of arbitrary code or a Denial of Service. Tavis Ormandy reported multiple integer overflows in the cff_charset_compute_cids() function in cff/cffload.c, sfnt/tccmap.c and the ft_smooth_render_generic() function in smooth/ftsmooth.c, possibly leading to heap or stack-based buffer overflows. Versions less than 2.3.9-r1 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2009-0946
MD5 | 3bb7d9e4895d5ecbc559b151571cce47
Debian Linux Security Advisory 1784-1
Posted May 3, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1784-1 - Tavis Ormandy discovered several integer overflows in FreeType, a library to process and access font files, resulting in heap- or stack-based buffer overflows leading to application crashes or the execution of arbitrary code via a crafted font file.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2009-0946
MD5 | da1f938b69b5e6cc91fb4d34fbe88cbf
Ubuntu Security Notice 767-1
Posted Apr 28, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-767-1 - Tavis Ormandy discovered that FreeType did not correctly handle certain large values in font files. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0946
MD5 | b98bf7fac6d45a421bf111c388bf23d5
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    7 Files
  • 19
    Oct 19th
    1 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close