CVE-2008-1807

2008-06-16 21:41:00 2018-10-11 22:36:58

FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

FreeType 2.3.5 FreeType 2.3.4 FreeType 2.3.3 FreeType 1.3.1

Freetype - Freetype

Advisory	Patch	Confirmed	Link
			FEDORA-2008-5430
			FEDORA-2008-5425
			https://issues.rpath.com/browse/RPL-2608
			ADV-2008-2466
			ADV-2008-2525
			ADV-2008-2558
			ADV-2008-2423
			ADV-2008-1794
			ADV-2008-1876
			http://www.vmware.com/support/ws6/doc/releasenotes_ws6.h...
			http://www.vmware.com/support/ws55/doc/releasenotes_ws55...
			http://www.vmware.com/support/player2/doc/releasenotes_p...
			http://www.vmware.com/support/server/doc/releasenotes_se...
			http://www.vmware.com/support/player/doc/releasenotes_pl...
			29641
			USN-643-1
			http://www.vmware.com/security/advisories/VMSA-2008-0014...
			20080830 VMSA-2008-0014 Updates to VMware Workstation, V...
			20080814 rPSA-2008-0255-1 freetype
			RHSA-2008:0558
			MDVSA-2008:121
			RHSA-2008:0556
			http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255
			http://support.avaya.com/elmodocs2/security/ASA-2008-318...
			http://support.apple.com/kb/HT3438
			http://support.apple.com/kb/HT3129
			http://support.apple.com/kb/HT3026
			239006
			http://sourceforge.net/project/shownotes.php?group_id=31...
			1020239
			GLSA-200806-10
			GLSA-201209-25
			SUSE-SR:2008:014
			20080830 VMSA-2008-0014 Updates to VMware Workstation, V...
			APPLE-SA-2009-02-12
			APPLE-SA-2008-09-12
			APPLE-SA-2008-09-09
			20080610 Multiple Vendor FreeType2 PFB Memory Corruption...

CVE-2008-1807

2008-06-16 21:41:00 2018-10-11 22:36:58

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)