CVE-2008-1806

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-1806
Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://secunia.com/advisories/30600 Vendor Advisory
http://secunia.com/advisories/30721
http://secunia.com/advisories/30740
http://secunia.com/advisories/30766
http://secunia.com/advisories/30819
http://secunia.com/advisories/30821
http://secunia.com/advisories/30967
http://secunia.com/advisories/31479
http://secunia.com/advisories/31577
http://secunia.com/advisories/31707
http://secunia.com/advisories/31709
http://secunia.com/advisories/31711
http://secunia.com/advisories/31712
http://secunia.com/advisories/31823
http://secunia.com/advisories/31856
http://secunia.com/advisories/31900
http://secunia.com/advisories/33937
http://security.gentoo.org/glsa/glsa-200806-10.xml
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://securitytracker.com/id?1020238
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1
http://support.apple.com/kb/HT3026
http://support.apple.com/kb/HT3129
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255
http://www.mandriva.com/security/advisories?name=MDVSA-2008:121
http://www.redhat.com/support/errata/RHSA-2008-0556.html
http://www.redhat.com/support/errata/RHSA-2008-0558.html
http://www.securityfocus.com/archive/1/495497/100/0/threaded
http://www.securityfocus.com/archive/1/495869/100/0/threaded
http://www.securityfocus.com/bid/29640 Patch
http://www.ubuntu.com/usn/usn-643-1
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2008/1794
http://www.vupen.com/english/advisories/2008/1876/references
http://www.vupen.com/english/advisories/2008/2423
http://www.vupen.com/english/advisories/2008/2466
http://www.vupen.com/english/advisories/2008/2525
http://www.vupen.com/english/advisories/2008/2558
https://issues.rpath.com/browse/RPL-2608
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9321
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://secunia.com/advisories/30600 Vendor Advisory
http://secunia.com/advisories/30721
http://secunia.com/advisories/30740
http://secunia.com/advisories/30766
http://secunia.com/advisories/30819
http://secunia.com/advisories/30821
http://secunia.com/advisories/30967
http://secunia.com/advisories/31479
http://secunia.com/advisories/31577
http://secunia.com/advisories/31707
http://secunia.com/advisories/31709
http://secunia.com/advisories/31711
http://secunia.com/advisories/31712
http://secunia.com/advisories/31823
http://secunia.com/advisories/31856
http://secunia.com/advisories/31900
http://secunia.com/advisories/33937
http://security.gentoo.org/glsa/glsa-200806-10.xml
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://securitytracker.com/id?1020238
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1
http://support.apple.com/kb/HT3026
http://support.apple.com/kb/HT3129
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255
http://www.mandriva.com/security/advisories?name=MDVSA-2008:121
http://www.redhat.com/support/errata/RHSA-2008-0556.html
http://www.redhat.com/support/errata/RHSA-2008-0558.html
http://www.securityfocus.com/archive/1/495497/100/0/threaded
http://www.securityfocus.com/archive/1/495869/100/0/threaded
http://www.securityfocus.com/bid/29640 Patch
http://www.ubuntu.com/usn/usn-643-1
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2008/1794
http://www.vupen.com/english/advisories/2008/1876/references
http://www.vupen.com/english/advisories/2008/2423
http://www.vupen.com/english/advisories/2008/2466
http://www.vupen.com/english/advisories/2008/2525
http://www.vupen.com/english/advisories/2008/2558
https://issues.rpath.com/browse/RPL-2608
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9321
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*
History

21 Nov 2024, 00:45

Type Values Removed Values Added
References () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715 - () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715 -
References () http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html - () http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html -
References () http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html - () http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html -
References () http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html - () http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html -
References () http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html - () http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html -
References () http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html - () http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html -
References () http://secunia.com/advisories/30600 - Vendor Advisory () http://secunia.com/advisories/30600 - Vendor Advisory
References () http://secunia.com/advisories/30721 - () http://secunia.com/advisories/30721 -
References () http://secunia.com/advisories/30740 - () http://secunia.com/advisories/30740 -
References () http://secunia.com/advisories/30766 - () http://secunia.com/advisories/30766 -
References () http://secunia.com/advisories/30819 - () http://secunia.com/advisories/30819 -
References () http://secunia.com/advisories/30821 - () http://secunia.com/advisories/30821 -
References () http://secunia.com/advisories/30967 - () http://secunia.com/advisories/30967 -
References () http://secunia.com/advisories/31479 - () http://secunia.com/advisories/31479 -
References () http://secunia.com/advisories/31577 - () http://secunia.com/advisories/31577 -
References () http://secunia.com/advisories/31707 - () http://secunia.com/advisories/31707 -
References () http://secunia.com/advisories/31709 - () http://secunia.com/advisories/31709 -
References () http://secunia.com/advisories/31711 - () http://secunia.com/advisories/31711 -
References () http://secunia.com/advisories/31712 - () http://secunia.com/advisories/31712 -
References () http://secunia.com/advisories/31823 - () http://secunia.com/advisories/31823 -
References () http://secunia.com/advisories/31856 - () http://secunia.com/advisories/31856 -
References () http://secunia.com/advisories/31900 - () http://secunia.com/advisories/31900 -
References () http://secunia.com/advisories/33937 - () http://secunia.com/advisories/33937 -
References () http://security.gentoo.org/glsa/glsa-200806-10.xml - () http://security.gentoo.org/glsa/glsa-200806-10.xml -
References () http://security.gentoo.org/glsa/glsa-201209-25.xml - () http://security.gentoo.org/glsa/glsa-201209-25.xml -
References () http://securitytracker.com/id?1020238 - () http://securitytracker.com/id?1020238 -
References () http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780 - () http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1 -
References () http://support.apple.com/kb/HT3026 - () http://support.apple.com/kb/HT3026 -
References () http://support.apple.com/kb/HT3129 - () http://support.apple.com/kb/HT3129 -
References () http://support.apple.com/kb/HT3438 - () http://support.apple.com/kb/HT3438 -
References () http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm - () http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm -
References () http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255 - () http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:121 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:121 -
References () http://www.redhat.com/support/errata/RHSA-2008-0556.html - () http://www.redhat.com/support/errata/RHSA-2008-0556.html -
References () http://www.redhat.com/support/errata/RHSA-2008-0558.html - () http://www.redhat.com/support/errata/RHSA-2008-0558.html -
References () http://www.securityfocus.com/archive/1/495497/100/0/threaded - () http://www.securityfocus.com/archive/1/495497/100/0/threaded -
References () http://www.securityfocus.com/archive/1/495869/100/0/threaded - () http://www.securityfocus.com/archive/1/495869/100/0/threaded -
References () http://www.securityfocus.com/bid/29640 - Patch () http://www.securityfocus.com/bid/29640 - Patch
References () http://www.ubuntu.com/usn/usn-643-1 - () http://www.ubuntu.com/usn/usn-643-1 -
References () http://www.vmware.com/security/advisories/VMSA-2008-0014.html - () http://www.vmware.com/security/advisories/VMSA-2008-0014.html -
References () http://www.vmware.com/support/player/doc/releasenotes_player.html - () http://www.vmware.com/support/player/doc/releasenotes_player.html -
References () http://www.vmware.com/support/player2/doc/releasenotes_player2.html - () http://www.vmware.com/support/player2/doc/releasenotes_player2.html -
References () http://www.vmware.com/support/server/doc/releasenotes_server.html - () http://www.vmware.com/support/server/doc/releasenotes_server.html -
References () http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html - () http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html -
References () http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html - () http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html -
References () http://www.vupen.com/english/advisories/2008/1794 - () http://www.vupen.com/english/advisories/2008/1794 -
References () http://www.vupen.com/english/advisories/2008/1876/references - () http://www.vupen.com/english/advisories/2008/1876/references -
References () http://www.vupen.com/english/advisories/2008/2423 - () http://www.vupen.com/english/advisories/2008/2423 -
References () http://www.vupen.com/english/advisories/2008/2466 - () http://www.vupen.com/english/advisories/2008/2466 -
References () http://www.vupen.com/english/advisories/2008/2525 - () http://www.vupen.com/english/advisories/2008/2525 -
References () http://www.vupen.com/english/advisories/2008/2558 - () http://www.vupen.com/english/advisories/2008/2558 -
References () https://issues.rpath.com/browse/RPL-2608 - () https://issues.rpath.com/browse/RPL-2608 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9321 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9321 -
References () https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html - () https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html -
References () https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html - () https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html -
Information

Published : 2008-06-16 19:41

Updated : 2024-11-21 00:45

NVD link : CVE-2008-1806

Mitre link : CVE-2008-1806

CVE.ORG link : CVE-2008-1806

JSON object : View

Products Affected

freetype

  • freetype
CWE
CWE-189

Numeric Errors


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024