Do your applications use this vulnerable package?
Test your applications
Overview
In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again.
References
CVSS Score
9.8
high severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityHigh
-
IntegrityHigh
-
AvailabilityHigh
- CVE
- CVE-2015-9290
- CWE
- CWE-125
- Snyk ID
- SNYK-DEBIAN8-FREETYPE-455988
- Disclosed
- 30 Jul, 2019
- Published
- 30 Jul, 2019