Candidate: CVE-2009-0946
PublicDate: 2009-04-17 00:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946
 https://ubuntu.com/security/notices/USN-767-1
Description:
 Multiple integer overflows in FreeType 2.3.9 and earlier allow remote
 attackers to execute arbitrary code via vectors related to large values in
 certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3)
 cff/cffload.c.
Ubuntu-Description:
Notes:
 mdeslaur> reproducers don't crash freetype1
Bugs:
Priority: medium
Discovered-by: Tavis Ormandy
Assigned-to: mdeslaur
CVSS: 

Patches_freetype:
 other: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b
 other: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e
 other: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0a05ba257b6ddd87dacf8d54b626e4b360e0a596
 other: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5
upstream_freetype: released (2.3.9-5)
dapper_freetype: released (2.1.10-1ubuntu2.6)
hardy_freetype: released (2.3.5-1ubuntu4.8.04.2)
intrepid_freetype: released (2.3.7-2ubuntu1.1)
jaunty_freetype: released (2.3.9-4ubuntu0.1)
devel_freetype: not-affected (2.3.9-5)