Fluid Attacks Database

Description

FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	freetype	>=0 <2.6.1-0.1	2.6.1-0.1
debian 13	freetype	>=0 <2.6.1-0.1	2.6.1-0.1
debian 11	freetype	>=0 <2.6.1-0.1	2.6.1-0.1
rpm rhel7	PackageKit	<0:1.1.10-1.el7	0:1.1.10-1.el7
rpm rhel7	gstreamer1-plugins-base	<0:1.10.4-2.el7	0:1.10.4-2.el7
rpm rhel7	wayland	<0:1.15.0-1.el7	0:1.15.0-1.el7
debian 14	freetype	>=0 <2.6.1-0.1	2.6.1-0.1
rpm rhel7	vala	<0:0.40.8-1.el7	0:0.40.8-1.el7
rpm rhel7	cairo	<0:1.15.12-3.el7	0:1.15.12-3.el7
rpm rhel7	libgweather	<0:3.28.2-2.el7	0:3.28.2-2.el7

1-10 of 155

Aliases

1. CVE-2015-93822. NVD-2015-93823. OSV-DEBIAN-2015-93824. OSV-2015-93825. SECURITY-TRACKER-CVE-2015-9382

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.