CVE-2008-1808

Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

FreeType

First reported 16 years ago

2008-06-16 19:41:00

Last updated 6 years ago

2018-10-11 20:37:00

Affected Software

FreeType 1.3.1

FreeType 2.0.6

FreeType 2.0.9

FreeType 2.1.7

FreeType 2.1.9

FreeType 2.1.10

FreeType 2.2

FreeType 2.2.1

FreeType 2.3.3

FreeType 2.3.4

FreeType 2.3.5

References

20080610 Multiple Vendor FreeType2 Multiple Heap Overflow Vulnerabilities

APPLE-SA-2008-09-09

APPLE-SA-2008-09-12

APPLE-SA-2009-02-12

20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

SUSE-SR:2008:014

30600

Vendor Advisory

30721

30740

30766

30819

30821

30967

31479

31577

31707

31709

31711

31712

31823

31856

31900

33937

35204

GLSA-200806-10

GLSA-201209-25

1020240

http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780

239006

http://support.apple.com/kb/HT3026

http://support.apple.com/kb/HT3129

http://support.apple.com/kb/HT3438

http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255

MDVSA-2008:121

RHSA-2008:0556

RHSA-2008:0558

RHSA-2009:0329

20080814 rPSA-2008-0255-1 freetype

29637

Patch

29639

Patch

USN-643-1

http://www.vmware.com/security/advisories/VMSA-2008-0014.html

http://www.vmware.com/support/player/doc/releasenotes_player.html

http://www.vmware.com/support/player2/doc/releasenotes_player2.html

http://www.vmware.com/support/server/doc/releasenotes_server.html

http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

ADV-2008-1794

ADV-2008-1876

ADV-2008-2423

ADV-2008-2466

ADV-2008-2525

ADV-2008-2558

https://issues.rpath.com/browse/RPL-2608

oval:org.mitre.oval:def:11188

FEDORA-2008-5425

FEDORA-2008-5430
