Vulnerability Name:

CVE-2008-1808 (CCN-42966)

Assigned: 2008-06-10
Published: 2008-06-10
Updated: 2021-01-26
Summary: Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-189
CWE-193
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2008-1808

Source: IDEFENSE
Type: UNKNOWN
20080610 Multiple Vendor FreeType2 Multiple Heap Overflow Vulnerabilities

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-09-09

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-09-12

Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-02-12

Source: FULLDISC
Type: UNKNOWN
20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:014

Source: CCN
Type: RHSA-2008-0556
Important: freetype security update

Source: CCN
Type: RHSA-2008-0558
Important: freetype security update

Source: CCN
Type: RHSA-2009-0329
Important: freetype security update

Source: CCN
Type: SA30600
FreeType Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
30600

Source: SECUNIA
Type: UNKNOWN
30721

Source: SECUNIA
Type: UNKNOWN
30740

Source: CCN
Type: SA30766
Sun Solaris FreeType Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30766

Source: SECUNIA
Type: UNKNOWN
30819

Source: SECUNIA
Type: UNKNOWN
30821

Source: SECUNIA
Type: UNKNOWN
30967

Source: SECUNIA
Type: UNKNOWN
31479

Source: CCN
Type: SA31577
Avaya Communication Manager FreeType Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31577

Source: CCN
Type: SA31707
VMware Workstation Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31707

Source: CCN
Type: SA31709
VMware Player Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31709

Source: CCN
Type: SA31711
VMware Fusion Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31711

Source: CCN
Type: SA31712
VMware ESX Server Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31712

Source: CCN
Type: SA31823
Apple iPod Touch Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31823

Source: SECUNIA
Type: UNKNOWN
31856

Source: CCN
Type: SA31900
Apple iPhone Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31900

Source: CCN
Type: SA33937
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
33937

Source: SECUNIA
Type: UNKNOWN
35204

Source: GENTOO
Type: UNKNOWN
GLSA-200806-10

Source: GENTOO
Type: UNKNOWN
GLSA-201209-25

Source: CCN
Type: SECTRACK ID: 1020240
FreeType2 Heap Overflows in Parsing PFB and TTF Font Files Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1020240

Source: CCN
Type: SourceForge.net
The FreeType Project

Source: CCN
Type: SourceForge.net: Files
The FreeType Project, File Release Notes and Changelog, Release Name: 2.3.6

Source: MISC
Type: UNKNOWN
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780

Source: SUNALERT
Type: UNKNOWN
239006

Source: CCN
Type: Sun Alert ID: 239006
Multiple Security Vulnerabilities in the FreeType2 library for Printer Font Binary (PFB) or TrueType Font (TTF) format font files may lead to a Denial of Service (DoS) or allow Execution of Arbitrary Code

Source: CCN
Type: Apple Web site
About the security content of iPod touch v2.1

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3026

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3129

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3438

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm

Source: CCN
Type: ASA-2008-318
freetype security update (RHSA-2008-0556)

Source: CCN
Type: ASA-2008-323
freetype security update (RHSA-2008-0558)

Source: CCN
Type: ASA-2009-226
freetype security update (RHSA-2009-0329)

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255

Source: DEBIAN
Type: DSA-1635
freetype -- multiple vulnerabilities

Source: CCN
Type: GLSA-200806-10
FreeType: User-assisted execution of arbitrary code

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:121

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0556

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0558

Source: REDHAT
Type: UNKNOWN
RHSA-2009:0329

Source: BUGTRAQ
Type: UNKNOWN
20080814 rPSA-2008-0255-1 freetype

Source: BUGTRAQ
Type: UNKNOWN
20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

Source: BID
Type: Patch
29637

Source: CCN
Type: BID-29637
FreeType Printer Font Binary Heap Buffer Overflow Vulnerability

Source: BID
Type: Patch
29639

Source: CCN
Type: BID-29639
FreeType TrueType Font 'SHC' Heap Buffer Overflow Vulnerability

Source: CCN
Type: USN-643-1
FreeType vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-643-1

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2008-0014.html

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/support/player/doc/releasenotes_player.html

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/support/player2/doc/releasenotes_player2.html

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/support/server/doc/releasenotes_server.html

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

Source: VUPEN
Type: UNKNOWN
ADV-2008-1794

Source: VUPEN
Type: UNKNOWN
ADV-2008-1876

Source: VUPEN
Type: UNKNOWN
ADV-2008-2423

Source: VUPEN
Type: UNKNOWN
ADV-2008-2466

Source: VUPEN
Type: UNKNOWN
ADV-2008-2525

Source: VUPEN
Type: UNKNOWN
ADV-2008-2558

Source: XF
Type: UNKNOWN
freetype2-fontfile-bo(42966)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-2608

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 06.10.08
Multiple Vendor FreeType2 Multiple Heap Overflow Vulnerabilities

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11188

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-5425

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-5430

Source: SUSE
Type: SUSE-SR:2008:014
[security-announce] SUSE Security Summary Report SUSE-SR:2008:014

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:freetype:freetype:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:freetype:freetype:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:freetype:freetype:2.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:freetype:freetype:2.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:freetype:freetype:2.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:freetype:freetype:2.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:freetype:freetype:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:freetype:freetype:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:freetype:freetype:2.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:freetype:freetype:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:freetype:freetype:2.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:freetype:freetype:2.3.5:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

  • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20081808 | V | CVE-2008-1808 | 2015-11-16
oval:org.mitre.oval:def:17811 | P | USN-643-1 -- freetype vulnerabilities | 2014-07-07
oval:org.mitre.oval:def:19448 | P | DSA-1635-1 freetype - multiple vulnerabilities | 2014-06-23
oval:org.mitre.oval:def:7383 | P | DSA-1635 freetype -- multiple vulnerabilities | 2014-06-23
oval:org.mitre.oval:def:22715 | P | ELSA-2008:0556: freetype security update (Important) | 2014-05-26
oval:org.mitre.oval:def:11188 | V | Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow. | 2013-04-29
oval:com.redhat.rhsa:def:20090329 | P | RHSA-2009:0329: freetype security update (Important) | 2009-05-22
oval:org.debian:def:1635 | V | multiple vulnerabilities | 2008-09-10
oval:com.redhat.rhsa:def:20080556 | P | RHSA-2008:0556: freetype security update (Important) | 2008-06-25
    freetype freetype 1.3.1
    freetype freetype 2.0.6
    freetype freetype 2.0.9
    freetype freetype 2.1.7
    freetype freetype 2.1.9
    freetype freetype 2.1.10
    freetype freetype 2.2.0
    freetype freetype 2.2.1
    freetype freetype 2.2.10
    freetype freetype 2.3.3
    freetype freetype 2.3.4
    freetype freetype 2.3.5