CVE-2009-0946
freetype - arbitrary code execution
EPSS 16.4%
Description
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
How to fix CVE-2009-0946
To remediate CVE-2009-0946, upgrade the affected package to a fixed version below.
- Debian/freetype—upgrade to 2.3.9-4.1 or later
- Debian/freetype—upgrade to 2.2.1-5+etch4 or later
Is CVE-2009-0946 being exploited?
Moderate — EPSS is 16.4%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 2.3.9-4.1
- from 0, < 2.2.1-5+etch4