VYPR
Unrated severityNVD Advisory· Published Apr 17, 2009· Updated Jun 16, 2026

CVE-2009-0946

CVE-2009-0946

Description

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

24
  • cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
  • FreeType/Freetype2 versions
    cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*range: <=2.3.9
    • (no CPE)range: <=2.3.9
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: >=1.0.0,<=2.2.1
  • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*range: >=10.6.0,<=10.6.4
    • cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*range: >=10.6.0,<=10.6.4
    • cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
  • Debian/linux3 versions
    cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
  • OpenSUSE/openSUSE3 versions
    cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
  • osv-coords2 versions
    < 2.7-1.1+ 1 more
    • (no CPE)range: < 2.7-1.1
    • (no CPE)range: < 2.7-1.1

Patches

Vulnerability mechanics

References

39

News mentions

0

No linked articles in our index yet.