Buffer Over-read Vulnerability in FreeType Affects Multiple Versions
CVE-2015-9290

9.8CRITICAL

Key Information:

Vendor
Freetype
Status
Freetype
Vendor
CVE Published:
30 July 2019

Summary

A buffer over-read vulnerability exists in FreeType prior to version 2.6.1 that stems from inadequate validation of the cur and limit parameters within the T1_Get_Private_Dict function in the type1/t1parse.c file. This flaw could potentially allow attackers to read beyond the allocated memory buffer, leading to information disclosure or application crashes under certain conditions.

References

https://savannah.nongnu.org/bugs/?45923
x_refsource_MISC
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/c...
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2019/08/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.