{"id":"USN-4126-2","summary":"freetype vulnerabilities","details":"USN-4126-1 fixed a vulnerability in FreeType. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.\n\nIt was discovered that FreeType incorrectly handled certain font files.\nAn attacker could possibly use this issue to access sensitive information.\n(CVE-2015-9381, CVE-2015-9382)\n\nOriginal advisory details:\n\n It was discovered that FreeType incorrectly handled certain font files.\n An attacker could possibly use this issue to access sensitive information.\n (CVE-2015-9383)\n","modified":"2026-02-10T04:41:38Z","published":"2019-09-09T19:06:18Z","related":["UBUNTU-CVE-2015-9381","UBUNTU-CVE-2015-9382","UBUNTU-CVE-2015-9383"],"upstream":["CVE-2015-9381","CVE-2015-9382","CVE-2015-9383","UBUNTU-CVE-2015-9381","UBUNTU-CVE-2015-9382","UBUNTU-CVE-2015-9383"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4126-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-9381"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-9382"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-9383"}],"affected":[{"package":{"name":"freetype","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/freetype@2.5.2-1ubuntu2.8+esm1?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5.2-1ubuntu2.8+esm1"}]}],"versions":["2.4.12-0ubuntu1","2.5.0.1-0ubuntu2","2.5.1-1ubuntu1","2.5.1-1ubuntu2","2.5.1-2ubuntu1","2.5.2-1ubuntu1","2.5.2-1ubuntu2","2.5.2-1ubuntu2.1","2.5.2-1ubuntu2.2","2.5.2-1ubuntu2.3","2.5.2-1ubuntu2.4","2.5.2-1ubuntu2.5","2.5.2-1ubuntu2.6","2.5.2-1ubuntu2.7","2.5.2-1ubuntu2.8"],"ecosystem_specific":{"binaries":[{"binary_name":"freetype2-demos","binary_version":"2.5.2-1ubuntu2.8+esm1"},{"binary_name":"libfreetype6","binary_version":"2.5.2-1ubuntu2.8+esm1"},{"binary_name":"libfreetype6-dev","binary_version":"2.5.2-1ubuntu2.8+esm1"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4126-2.json","cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"id":"CVE-2015-9381","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2015-9382","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-9383","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}]}}}],"schema_version":"1.7.3"}