CVE-2015-9381

Published: 03/09/2019 Updated: 10/09/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

FreeType prior to 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.

Vulnerable Product

freetype freetype

debian debian linux 8.0

Vendor Advisories

Synopsis: Moderate: freetype security update. Type/Severity: Security Advisory: Moderate. Topic: An update for freetype is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, ...
FreeType could be made to expose sensitive information if it opened a specially crafted font file ...
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c (CVE-2015-9381). FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation (CVE-2015-9382) ...
Impact: Moderate Public Date: 2019-09-17 CWE: CWE-126 Bugzilla: 1752788: CVE-2015-9381 freetype: a heap ...