ID CVE-2008-1807
Summary FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.
References
Vulnerable Configurations
  • FreeType 1.3.1
    cpe:2.3:a:freetype:freetype:1.3.1
  • FreeType 2.3.3
    cpe:2.3:a:freetype:freetype:2.3.3
  • FreeType 2.3.4
    cpe:2.3:a:freetype:freetype:2.3.4
  • FreeType 2.3.5
    cpe:2.3:a:freetype:freetype:2.3.5
CVSS
Base: 7.5 (as of 17-06-2008 - 11:21)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2009-0012.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-0946 Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. CVE-2008-1806 Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow. CVE-2008-1807 FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid 'number of axes' field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption. CVE-2008-1808 Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow. - Add freetype-2009-CVEs.patch - Resolves: #496111 - Add freetype-2.3.5-CVEs.patch - Resolves: #450910
    last seen 2019-02-21
    modified 2017-02-14
    plugin id 79459
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79459
    title OracleVM 2.1 : freetype (OVMSA-2009-0012)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201209-25.NASL
    description The remote host is affected by the vulnerability described in GLSA-201209-25 (VMware Player, Server, Workstation: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VMware Player, Server, and Workstation. Please review the CVE identifiers referenced below for details. Impact : Local users may be able to gain escalated privileges, cause a Denial of Service, or gain sensitive information. A remote attacker could entice a user to open a specially crafted file, possibly resulting in the remote execution of arbitrary code, or a Denial of Service. Remote attackers also may be able to spoof DNS traffic, read arbitrary files, or inject arbitrary web script to the VMware Server Console. Furthermore, guest OS users may be able to execute arbitrary code on the host OS, gain escalated privileges on the guest OS, or cause a Denial of Service (crash the host OS). Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 62383
    published 2012-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62383
    title GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilities
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2008-0014.NASL
    description I Security Issues a. Setting ActiveX kill bit Starting from this release, VMware has set the kill bit on its ActiveX controls. Setting the kill bit ensures that ActiveX controls cannot run in Internet Explorer (IE), and avoids security issues involving ActiveX controls in IE. See the Microsoft KB article 240797 and the related references on this topic. Security vulnerabilities have been reported for ActiveX controls provided by VMware when run in IE. Under specific circumstances, exploitation of these ActiveX controls might result in denial-of- service or can allow running of arbitrary code when the user browses a malicious Web site or opens a malicious file in IE browser. An attempt to run unsafe ActiveX controls in IE might result in pop-up windows warning the user. Note: IE can be configured to run unsafe ActiveX controls without prompting. VMware recommends that you retain the default settings in IE, which prompts when unsafe actions are requested. Earlier, VMware had issued knowledge base articles, KB 5965318 and KB 9078920 on security issues with ActiveX controls. To avoid malicious scripts that exploit ActiveX controls, do not enable unsafe ActiveX objects in your browser settings. As a best practice, do not browse untrusted Web sites as an administrator and do not click OK or Yes if prompted by IE to allow certain actions. VMware would like to thank Julien Bachmann, Shennan Wang, Shinnai, and Michal Bucko for reporting these issues to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2007-5438, and CVE-2008-3696 to the security issues with VMware ActiveX controls. b. VMware ISAPI Extension Denial of Service The Internet Server Application Programming Interface (ISAPI) is an API that extends the functionality of Internet Information Server (IIS). VMware uses ISAPI extensions in its Server product. One of the ISAPI extensions provided by VMware is vulnerable to a remote denial of service. By sending a malformed request, IIS might shut down. IIS 6.0 restarts automatically. However, IIS 5.0 does not restart automatically when its Startup Type is set to Manual. VMware would like to thank the Juniper Networks J-Security Security Research Team for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-3697 to this issue. c. OpenProcess Local Privilege Escalation on Host System This release fixes a privilege escalation vulnerability in host systems. Exploitation of this vulnerability allows users to run arbitrary code on the host system with elevated privileges. VMware would like to thank Sun Bing from McAfee, Inc. for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-3698 to this issue. d. Update to Freetype FreeType 2.3.6 resolves an integer overflow vulnerability and other vulnerabilities that can allow malicious users to run arbitrary code or might cause a denial-of-service after reading a maliciously crafted file. This release updates FreeType to 2.3.7. The Common Vulnerabilities and Exposures Project (cve.mitre.com) has assigned the names CVE-2008-1806, CVE-2008-1807, and CVE-2008-1808 to the issues resolved in Freetype 2.3.6. e. Update to Cairo Cairo 1.4.12 resolves an integer overflow vulnerability that can allow malicious users to run arbitrary code or might cause a denial-of-service after reading a maliciously crafted PNG file. This release updates Cairo to 1.4.14. The Common Vulnerabilities and Exposures (cve.mitre.com) has assigned the name CVE-2007-5503 to this issue. f. VMware Consolidated Backup (VCB) command-line utilities may expose sensitive information VMware Consolidated Backup command-line utilities accept the user password through the -p command-line option. Users logged into the ESX service console or into the system that runs VCB could gain access to the username and password used by VCB command-line utilities when such commands are running. The ESX patch and the new version of VCB resolve this issue by providing an alternative way of passing the password used by VCB command-line utilities. VCB in ESX ---------- The following options are recommended for passing the password : 1. The password is specified in /etc/backuptools.conf (PASSWORD=xxxxx), and -p is not used in the command line. /etc/backuptools.conf file permissions are read/write only for root. 2. No password is specified in /etc/backuptools.conf and the -p option is not used in the command line. The user will be prompted to enter a password. ESX is not affected unless you use VCB. Stand-alone VCB --------------- The following options are recommended for passing the password : 1. The password is specified in config.js (PASSWORD=xxxxx), and -p is not used in the command line. The file permissions on config.js are read/write only for the administrator. The config.js file is located in folder 'config' of the VCB installation folder. For example, C:\Program Files\Vmware\Vmware Consolidated Backup Framework\config. 2. The password is specified in the registry, and is not specified in config.js, and -p is not used in the command line. Access to the registry key holding the password is allowed only to the administrator. The location of the registry key is : On Windows x86: HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\ VMware Consolidated Backup\Password On Windows x64: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ VMware, Inc.\VMware Consolidated Backup\Password 3. The password is not specified in the registry, and is not specified in config.js, and -p is not used in the command line. The user will be prompted to enter a password. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2101 to this issue. g. Third-Party Library libpng Updated to 1.2.29 Several flaws were discovered in the way third-party library libpng handled various PNG image chunks. An attacker could create a carefully crafted PNG image file in such a way that it causes an application linked with libpng to crash when the file is manipulated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5269 to this issue. NOTE: There are multiple patches required to remediate the issue. II ESX Service Console rpm updates a. update to bind This update upgrades the service console rpms for bind-utils and bind-lib to version 9.2.4-22.el3. Version 9.2.4.-22.el3 addresses the recently discovered vulnerability in the BIND software used for Domain Name resolution (DNS). VMware doesn't install all the BIND packages on ESX Server and is not vulnerable by default to the reported vulnerability. Of the BIND packages, VMware only ships bind-util and bind-lib in the service console and these components by themselves cannot be used to setup a DNS server. Bind-lib and bind-util are used in client DNS applications like nsupdate, nslookup, etc. VMware explicitly discourages installing applications like BIND on the service console. In case the customer has installed BIND, and the DNS server is configured to support recursive queries, their ESX Server system is affected and they should replace BIND with a patched version. Note: ESX Server will use the DNS server on the network it is on, so it is important to patch that DNS server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-1447 to this issue.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 40382
    published 2009-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40382
    title VMSA-2008-0014 : Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX, VMware VCB address information disclosure, privilege escalation and other security issues.
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2009-001.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS Tools - fetchmail - Folder Manager - FSEvents - Network Time - perl - Printing - python - Remote Apple Events - Safari RSS - servermgrd - SMB - SquirrelMail - X11 - XTerm
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 35684
    published 2009-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35684
    title Mac OS X Multiple Vulnerabilities (Security Update 2009-001)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-643-1.NASL
    description Multiple flaws were discovered in the PFB and TTF font handling code in freetype. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges or cause the application linked against freetype to crash, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 37738
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37738
    title Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : freetype vulnerabilities (USN-643-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1635.NASL
    description Several local vulnerabilities have been discovered in freetype, a FreeType 2 font engine, which could allow the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-1806 An integer overflow allows context-dependent attackers to execute arbitrary code via a crafted set of values within the Private dictionary table in a Printer Font Binary (PFB) file. - CVE-2008-1807 The handling of an invalid 'number of axes' field in the PFB file could trigger the freeing of arbitrary memory locations, leading to memory corruption. - CVE-2008-1808 Multiple off-by-one errors allowed the execution of arbitrary code via malformed tables in PFB files, or invalid SHC instructions in TTF files.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 34163
    published 2008-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34163
    title Debian DSA-1635-1 : freetype - multiple vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080620_FREETYPE_ON_SL3_X.NASL
    description Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) and TrueType Font (TTF) font-file format parsers. If a user loaded a carefully crafted font-file with a program linked against FreeType, it could cause the application to crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808) Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser, covered by CVE-2008-1808, did not affect the freetype packages as shipped in Scientific Linux 3, 4, and 5, as they are not compiled with TTF Byte Code Interpreter (BCI) support.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60427
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60427
    title Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0558.NASL
    description Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 25th June 2008] The original packages distributed with this errata had a bug which prevented freetype library from loading certain font files correctly. We have updated the packages to correct this bug. FreeType is a free, high-quality, portable font engine that can open and manage font files, as well as efficiently load, hint and render individual glyphs. Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) and TrueType Font (TTF) font-file format parsers. If a user loaded a carefully crafted font-file with a program linked against FreeType, it could cause the application to crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808) Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser, covered by CVE-2008-1808, only affected the FreeType 1 library (libttf), which shipped in the freetype packages in Red Hat Enterprise Linux 2.1. The FreeType 2 library (libfreetype) is not affected, as it is not compiled with TTF Byte Code Interpreter (BCI) support. Users of freetype should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 33250
    published 2008-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33250
    title RHEL 2.1 : freetype (RHSA-2008:0558)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200806-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-200806-10 (FreeType: User-assisted execution of arbitrary code) Regenrecht reported multiple vulnerabilities in FreeType via iDefense: An integer overflow when parsing values in the Private dictionary table in a PFB file, leading to a heap-based buffer overflow (CVE-2008-1806). An invalid free() call related to parsing an invalid 'number of axes' field in a PFB file (CVE-2008-1807). Multiple off-by-one errors when parsing PBF and TTF files, leading to heap-based buffer overflows (CVE-2008-1808). Impact : A remote attacker could entice a user to open a specially crafted TTF or PBF file, possibly resulting in the execution of arbitrary code with the privileges of the user running an application linked against FreeType (such as the X.org X server, running as root). Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 33246
    published 2008-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33246
    title GLSA-200806-10 : FreeType: User-assisted execution of arbitrary code
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0556.NASL
    description Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 25th June 2008] The original packages for Red Hat Enterprise Linux 3 and 4 distributed with this errata had a bug which prevented freetype library from loading certain font files correctly. We have updated the packages to correct this bug. FreeType is a free, high-quality, portable font engine that can open and manage font files, as well as efficiently load, hint and render individual glyphs. Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user loaded a carefully crafted font-file with a program linked against FreeType, it could cause the application to crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808) Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser, covered by CVE-2008-1808, did not affect the freetype packages as shipped in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF Byte Code Interpreter (BCI) support. Users of freetype should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 33249
    published 2008-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33249
    title RHEL 3 / 4 / 5 : freetype (RHSA-2008:0556)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0556.NASL
    description Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 25th June 2008] The original packages for Red Hat Enterprise Linux 3 and 4 distributed with this errata had a bug which prevented freetype library from loading certain font files correctly. We have updated the packages to correct this bug. FreeType is a free, high-quality, portable font engine that can open and manage font files, as well as efficiently load, hint and render individual glyphs. Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user loaded a carefully crafted font-file with a program linked against FreeType, it could cause the application to crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808) Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser, covered by CVE-2008-1808, did not affect the freetype packages as shipped in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF Byte Code Interpreter (BCI) support. Users of freetype should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 33229
    published 2008-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33229
    title CentOS 3 / 4 / 5 : freetype (CESA-2008:0556)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-121.NASL
    description Multiple vulnerabilities were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user were to load a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or potentially execute arbitrary code (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808). The updated packages have been patched to prevent this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37537
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37537
    title Mandriva Linux Security Advisory : freetype2 (MDVSA-2008:121)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0556.NASL
    description From Red Hat Security Advisory 2008:0556 : Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 25th June 2008] The original packages for Red Hat Enterprise Linux 3 and 4 distributed with this errata had a bug which prevented freetype library from loading certain font files correctly. We have updated the packages to correct this bug. FreeType is a free, high-quality, portable font engine that can open and manage font files, as well as efficiently load, hint and render individual glyphs. Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user loaded a carefully crafted font-file with a program linked against FreeType, it could cause the application to crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808) Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser, covered by CVE-2008-1808, did not affect the freetype packages as shipped in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF Byte Code Interpreter (BCI) support. Users of freetype should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2016-05-06
    plugin id 67715
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67715
    title Oracle Linux 3 / 4 / 5 : freetype (ELSA-2008-0556)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-5430.NASL
    description This update backports security fixes from upstream version 2.3.6 - CVE-2008-1806, CVE-2008-1807 and CVE-2008-1808. For further details, see: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=7 15 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=7 16 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=7 17 Note: TTF bytecode interpreter is not enabled by default in the Fedora freetype packages, therefore Fedora packages were not affected by the TTF part of the CVE-2008-1808. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-05
    plugin id 33222
    published 2008-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33222
    title Fedora 8 : freetype-2.3.5-4.fc8 (2008-5430)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_4FB43B2F46A911DD9D3800163E000016.NASL
    description Secunia reports : - An integer overflow error exists in the processing of PFB font files. This can be exploited to cause a heap-based buffer overflow via a PFB file containing a specially crafted 'Private' dictionary table. - An error in the processing of PFB font files can be exploited to trigger the 'free()' of memory areas that are not allocated on the heap. - An off-by-one error exists in the processing of PFB font files. This can be exploited to cause a one-byte heap-based buffer overflow via a specially crafted PFB file. - An off-by-one error exists in the implementation of the 'SHC' instruction while processing TTF files. This can be exploited to cause a one-byte heap-based buffer overflow via a specially crafted TTF file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 33419
    published 2008-07-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33419
    title FreeBSD : FreeType 2 -- Multiple Vulnerabilities (4fb43b2f-46a9-11dd-9d38-00163e000016)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-5425.NASL
    description This update backports security fixes from upstream version 2.3.6 - CVE-2008-1806, CVE-2008-1807 and CVE-2008-1808. For further details, see: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=7 15 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=7 16 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=7 17 Note: TTF bytecode interpreter is not enabled by default in the Fedora freetype packages, therefore Fedora packages were not affected by the TTF part of the CVE-2008-1808. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-05
    plugin id 33221
    published 2008-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33221
    title Fedora 9 : freetype-2.3.5-6.fc9 (2008-5425)
oval via4
accepted 2013-04-29T04:22:00.010-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.
family unix
id oval:org.mitre.oval:def:9767
status accepted
submitted 2010-07-09T03:56:16-04:00
title FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2008:0556
  • rhsa
    id RHSA-2008:0558
rpms
  • freetype-0:2.1.4-10.el3
  • freetype-devel-0:2.1.4-10.el3
  • freetype-0:2.1.9-8.el4.6
  • freetype-demos-0:2.1.9-8.el4.6
  • freetype-devel-0:2.1.9-8.el4.6
  • freetype-utils-0:2.1.9-8.el4.6
  • freetype-0:2.2.1-20.el5_2
  • freetype-demos-0:2.2.1-20.el5_2
  • freetype-devel-0:2.2.1-20.el5_2
refmap via4
apple
  • APPLE-SA-2008-09-09
  • APPLE-SA-2008-09-12
  • APPLE-SA-2009-02-12
bid 29641
bugtraq
  • 20080814 rPSA-2008-0255-1 freetype
  • 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
confirm
fedora
  • FEDORA-2008-5425
  • FEDORA-2008-5430
fulldisc 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
gentoo
  • GLSA-200806-10
  • GLSA-201209-25
idefense 20080610 Multiple Vendor FreeType2 PFB Memory Corruption Vulnerability
mandriva MDVSA-2008:121
misc http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780
sectrack 1020239
secunia
  • 30600
  • 30721
  • 30740
  • 30766
  • 30819
  • 30821
  • 30967
  • 31479
  • 31577
  • 31707
  • 31709
  • 31711
  • 31712
  • 31823
  • 31856
  • 31900
  • 33937
sunalert 239006
suse SUSE-SR:2008:014
ubuntu USN-643-1
vupen
  • ADV-2008-1794
  • ADV-2008-1876
  • ADV-2008-2423
  • ADV-2008-2466
  • ADV-2008-2525
  • ADV-2008-2558
Last major update 14-05-2013 - 22:40
Published 16-06-2008 - 15:41
Last modified 11-10-2018 - 16:36
Back to Top