Vulnerability Description
In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freetype | Freetype | < 2.6.1 |
Related Weaknesses (CWE)
References
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parsePatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/08/msg00019.html
- https://savannah.nongnu.org/bugs/?45923ExploitThird Party Advisory
- https://support.f5.com/csp/article/K38315305
- https://support.f5.com/csp/article/K38315305?utm_source=f5support&%3Butm_medi
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parsePatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/08/msg00019.html
- https://savannah.nongnu.org/bugs/?45923ExploitThird Party Advisory
- https://support.f5.com/csp/article/K38315305
- https://support.f5.com/csp/article/K38315305?utm_source=f5support&%3Butm_medi
FAQ
What is CVE-2015-9290?
CVE-2015-9290 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again.
How severe is CVE-2015-9290?
CVE-2015-9290 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2015-9290?
Check the references section above for vendor advisories and patch information. Affected products include: Freetype Freetype.