Unrated severityNVD Advisory· Published Apr 17, 2009· Updated Apr 23, 2026

CVE-2009-0946

Description

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

Affected products

FreeType/Freetype
cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*
Range: <=2.3.9
Debian/Debian Linux3 versions
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
OpenSUSE/openSUSE3 versions
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server2 versions
cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
Apple Inc./Safari
cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: >=1.0.0,<=2.2.1
Apple Inc./Mac Os X3 versions
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*range: >=10.6.0,<=10.6.4
- cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
Apple Inc./Mac Os X Server3 versions
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*range: >=10.6.0,<=10.6.4
- cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/nvdPatchThird Party Advisory
git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/nvdPatchThird Party Advisory
git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/nvdPatchThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLognvdRelease NotesThird Party Advisory
lists.apple.com/archives/security-announce/2009/Jun/msg00005.htmlnvdMailing ListThird Party Advisory
lists.apple.com/archives/security-announce/2009/May/msg00002.htmlnvdMailing ListThird Party Advisory
lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.htmlnvdMailing ListThird Party Advisory
secunia.com/advisories/34723nvdThird Party Advisory
secunia.com/advisories/34913nvdThird Party Advisory
secunia.com/advisories/34967nvdThird Party Advisory
secunia.com/advisories/35065nvdThird Party Advisory
secunia.com/advisories/35074nvdThird Party Advisory
secunia.com/advisories/35198nvdThird Party Advisory
secunia.com/advisories/35200nvdThird Party Advisory
secunia.com/advisories/35204nvdThird Party Advisory
secunia.com/advisories/35210nvdThird Party Advisory
secunia.com/advisories/35379nvdThird Party Advisory
security.gentoo.org/glsa/glsa-200905-05.xmlnvdThird Party Advisory
support.apple.com/kb/HT3549nvdThird Party Advisory
support.apple.com/kb/HT3613nvdThird Party Advisory
support.apple.com/kb/HT3639nvdThird Party Advisory
www.debian.org/security/2009/dsa-1784nvdThird Party Advisory
www.mandriva.com/security/advisoriesnvdThird Party Advisory
www.redhat.com/support/errata/RHSA-2009-0329.htmlnvdThird Party Advisory
www.redhat.com/support/errata/RHSA-2009-1061.htmlnvdThird Party Advisory
www.redhat.com/support/errata/RHSA-2009-1062.htmlnvdThird Party Advisory
www.securityfocus.com/bid/34550nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-767-1nvdThird Party Advisory
www.us-cert.gov/cas/techalerts/TA09-133A.htmlnvdThird Party AdvisoryUS Government Resource
www.vupen.com/english/advisories/2009/1058nvdThird Party Advisory
www.vupen.com/english/advisories/2009/1297nvdThird Party Advisory
www.vupen.com/english/advisories/2009/1522nvdThird Party Advisory
www.vupen.com/english/advisories/2009/1621nvdThird Party Advisory
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149nvdThird Party Advisory
lists.apple.com/archives/security-announce/2009/jun/msg00002.htmlnvdBroken Link
sunsolve.sun.com/search/document.donvdBroken Link
support.apple.com/kb/HT4435nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.013
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000