CVE-2009-0946

EPSS 16.4%

freetype - arbitrary code execution

Published: 4/17/2009Modified: 4/28/2026

Description

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

Affected packages (2)

Debian/freetypefrom 0, < 2.3.9-4.1
Debian/freetypefrom 0, < 2.2.1-5+etch4

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-0946