CVE-2009-0946

Name of the Vulnerable Software and Affected Versions freetype versions prior to 2.3.9 freetype-devel version 2.0.3 freetype-utils version 2.0.3

Description The issue concerns multiple integer overflows in FreeType, which can be exploited remotely to execute arbitrary code. This can lead to a breach of confidentiality, integrity, and availability of protected information. The overflows are related to large values in certain inputs in files such as smooth/ftsmooth.c, sfnt/ttcmap.c, and cff/cffload.c.

Recommendations For freetype versions prior to 2.3.9, update to version 2.3.9 or later. For freetype-devel version 2.0.3, consider upgrading to a newer version of freetype-devel that incorporates the fixes for the integer overflows. For freetype-utils version 2.0.3, consider upgrading to a newer version of freetype-utils that incorporates the fixes for the integer overflows. As a temporary workaround, consider restricting access to the vulnerable components, such as smooth/ftsmooth.c, sfnt/ttcmap.c, and cff/cffload.c, until a patch is available.