{"id":"UBUNTU-CVE-2015-9290","details":"In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again.","modified":"2025-07-16T08:11:53.783550Z","published":"2019-07-30T13:15:00Z","withdrawn":"2025-07-18T16:43:21Z","upstream":["CVE-2015-9290"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-9290"},{"type":"REPORT","url":"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=e3058617f384cb6709f3878f753fa17aca9e3a30"},{"type":"REPORT","url":"https://savannah.nongnu.org/bugs/?45923"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2015-9290"}],"affected":[{"package":{"name":"freetype","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/freetype@2.8.1-2ubuntu2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.1-2ubuntu2"}]}],"versions":["2.8-0.2ubuntu2","2.8.1-0.1ubuntu2","2.8.1-0.1ubuntu3","2.8.1-2ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.8.1-2ubuntu2","binary_name":"freetype2-demos"},{"binary_version":"2.8.1-2ubuntu2","binary_name":"freetype2-demos-dbgsym"},{"binary_version":"2.8.1-2ubuntu2","binary_name":"libfreetype6"},{"binary_version":"2.8.1-2ubuntu2","binary_name":"libfreetype6-dbgsym"},{"binary_version":"2.8.1-2ubuntu2","binary_name":"libfreetype6-dev"},{"binary_version":"2.8.1-2ubuntu2","binary_name":"libfreetype6-udeb"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-9290.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}