CVE-2015-9290

Published: 30 July 2019

In FreeType before 2.6.1, a buffer over-read occurs in the function T1_Get_Private_Dict in type1/t1parse.c, where there is no check that the new values of cur and limit are sensible before going to Again.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package   Release                            Status
freetype  Upstream                           Released (2.6.1-0.1)
freetype  Ubuntu 18.04 LTS (Bionic Beaver)   Not vulnerable (2.8.1-2ubuntu2)
freetype  Ubuntu 16.04 ESM (Xenial Xerus)    Not vulnerable (code not present)
freetype  Ubuntu 14.04 ESM (Trusty Tahr)     Not vulnerable (code not present)