CVE

CVE-2008-1808

Date: (C)2008-06-16   (M)2017-11-18 


Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.

CVSS Score: 7.5
Exploit Score: 10.0
Impact Score: 6.4
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL





Reference:
SECTRACK-1020240
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717
http://www.securityfocus.com/archive/1/archive/1/495497/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/495869/100/0/threaded
SUNALERT-239006
BID-29637
BID-29639
SECUNIA-30600
SECUNIA-30721
SECUNIA-30740
SECUNIA-30766
SECUNIA-30819
SECUNIA-30821
SECUNIA-30967
SECUNIA-31479
SECUNIA-31577
SECUNIA-31707
SECUNIA-31709
SECUNIA-31711
SECUNIA-31712
SECUNIA-31823
SECUNIA-31856
SECUNIA-31900
SECUNIA-33937
SECUNIA-35204
ADV-2008-1794
ADV-2008-1876
ADV-2008-2423
ADV-2008-2466
ADV-2008-2525
ADV-2008-2558
APPLE-SA-2008-09-09
APPLE-SA-2008-09-12
APPLE-SA-2009-02-12
FEDORA-2008-5425
FEDORA-2008-5430
GLSA-200806-10
GLSA-201209-25
MDVSA-2008:121
RHSA-2008:0556
RHSA-2008:0558
RHSA-2009:0329
SUSE-SR:2008:014
USN-643-1
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780
http://support.apple.com/kb/HT3026
http://support.apple.com/kb/HT3129
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
https://issues.rpath.com/browse/RPL-2608

CPE    11
cpe:/a:freetype:freetype:2.2
cpe:/a:freetype:freetype:1.3.1
cpe:/a:freetype:freetype:2.1.7
cpe:/a:freetype:freetype:2.3.5
...
CWE    1
CWE-189
OVAL    10
oval:org.secpod.oval:def:301630
oval:org.secpod.oval:def:200270
oval:org.secpod.oval:def:200360
oval:org.secpod.oval:def:200485
...

© 2013 SecPod Technologies