CVE-2015-9290
First published: Tue Jul 30 2019(Updated: )
In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Freetype Freetype | <2.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=e3058617f384cb6709f3878f753fa17aca9e3a30
- https://lists.debian.org/debian-lts-announce/2019/08/msg00019.html
- https://savannah.nongnu.org/bugs/?45923
- https://support.f5.com/csp/article/K38315305
- https://support.f5.com/csp/article/K38315305?utm_source=f5support&utm_medium=RSS
- https://support.f5.com/csp/article/K38315305?utm_source=f5support&%3Butm_medium=RSS
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2015-9290.
What is the severity of CVE-2015-9290?
The severity of CVE-2015-9290 is critical, with a severity value of 9.8.
What is the description of CVE-2015-9290?
CVE-2015-9290 is a buffer over-read vulnerability in FreeType before 2.6.1, specifically in the type1/t1parse.c file.
What software is affected by CVE-2015-9290?
The affected software is FreeType before version 2.6.1.
How do I fix CVE-2015-9290?
To fix CVE-2015-9290, it is recommended to update FreeType to version 2.6.1 or later.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/tags
- agent/description
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/freetype
- canonical/freetype freetype