[Forgot Password]
Login  Register Subscribe

24003

 
 

131573

 
 

108530

 
 

909

 
 

85343

 
 

134

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2008-1808Date: (C)2008-06-16   (M)2018-06-11


Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 7.5
Exploit Score: Exploit Score: 10.0
Impact Score: Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: LOW
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: PARTIAL
Scope: Integrity: PARTIAL
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  
Reference:
SECTRACK-1020240
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717
http://www.securityfocus.com/archive/1/archive/1/495497/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/495869/100/0/threaded
SUNALERT-239006
BID-29637
BID-29639
SECUNIA-30600
SECUNIA-30721
SECUNIA-30740
SECUNIA-30766
SECUNIA-30819
SECUNIA-30821
SECUNIA-30967
SECUNIA-31479
SECUNIA-31577
SECUNIA-31707
SECUNIA-31709
SECUNIA-31711
SECUNIA-31712
SECUNIA-31823
SECUNIA-31856
SECUNIA-31900
SECUNIA-33937
SECUNIA-35204
ADV-2008-1794
ADV-2008-1876
ADV-2008-2423
ADV-2008-2466
ADV-2008-2525
ADV-2008-2558
APPLE-SA-2008-09-09
APPLE-SA-2008-09-12
APPLE-SA-2009-02-12
FEDORA-2008-5425
FEDORA-2008-5430
GLSA-200806-10
GLSA-201209-25
MDVSA-2008:121
RHSA-2008:0556
RHSA-2008:0558
RHSA-2009:0329
SUSE-SR:2008:014
USN-643-1
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780
http://support.apple.com/kb/HT3026
http://support.apple.com/kb/HT3129
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
https://issues.rpath.com/browse/RPL-2608

CPE    11
cpe:/a:freetype:freetype:2.2
cpe:/a:freetype:freetype:1.3.1
cpe:/a:freetype:freetype:2.1.7
cpe:/a:freetype:freetype:2.3.5
...
CWE    1
CWE-189
OVAL    10
oval:org.mitre.oval:def:7383
oval:org.secpod.oval:def:200270
oval:org.secpod.oval:def:200327
oval:org.secpod.oval:def:200360
...

© SecPod Technologies