ubuntu · CVE-2015-9290

Quick triage

Priority: medium Published: 2019-07-30 13:15:00 UTC Updated: 2025-08-25 21:50:30 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2015-9290 medium priority: Ubuntu including 1 source packages (freetype), 5 status rows across 5 suites (bionic, disco, trusty, upstream, xenial): not-affected 4, released 1.

Description:

In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again.

cvelogic Threat Intelligence