Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2015-9382

Published: 03/09/2019 Updated: 10/09/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Freetype

Vulnerability Summary

FreeType prior to 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

freetype freetype

debian debian linux 8.0

Vendor Advisories

Red Hat: Moderate: freetype security update
Synopsis Moderate: freetype security update Type/Severity Security Advisory: Moderate Topic An update for freetype is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, ...
Ubuntu Security Notice: freetype vulnerabilities
FreeType could be made to expose sensitive information if it opened a specially crafted font file ...
Amazon Linux AMI: ALAS-2020-1348
FreeType before 261 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parsec (CVE-2015-9381) FreeType before 261 has a buffer over-read in skip_comment in psaux/psobjsc because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation (CVE-2015-9382) ...

References

CWE-125http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/psaux/psobjs.c?id=db5a4a9ae7b0048f033361744421da8569642f73https://savannah.nongnu.org/bugs/?45922https://lists.debian.org/debian-lts-announce/2019/09/msg00002.htmlhttps://usn.ubuntu.com/4126-2/https://access.redhat.com/errata/RHSA-2019:4254https://access.redhat.com/errata/RHSA-2019:4254https://usn.ubuntu.com/4126-2/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028memory leaklog injectionCVE-2024-3400CVE-2022-48695CVE-2022-48675CVE-2024-34487CVE-2024-33792spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook