CVE-2015-9382
Severity CVSS v4.0:
Pending analysis
Type:
CWE-125
Out-of-bounds Read
Publication date:
03/09/2019
Last modified:
10/09/2019
Description
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* | 2.6.1 (excluding) | |
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/psaux/psobjs.c?id=db5a4a9ae7b0048f033361744421da8569642f73
- https://access.redhat.com/errata/RHSA-2019:4254
- https://lists.debian.org/debian-lts-announce/2019/09/msg00002.html
- https://savannah.nongnu.org/bugs/?45922=
- https://usn.ubuntu.com/4126-2/