CVE-2008-1806

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715

http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html

http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

http://secunia.com/advisories/30600

http://secunia.com/advisories/30721

http://secunia.com/advisories/30740

http://secunia.com/advisories/30766

http://secunia.com/advisories/30819

http://secunia.com/advisories/30821

http://secunia.com/advisories/30967

http://secunia.com/advisories/31479

http://secunia.com/advisories/31577

http://secunia.com/advisories/31707

http://secunia.com/advisories/31709

http://secunia.com/advisories/31711

http://secunia.com/advisories/31712

http://secunia.com/advisories/31823

http://secunia.com/advisories/31856

http://secunia.com/advisories/31900

http://secunia.com/advisories/33937

http://security.gentoo.org/glsa/glsa-200806-10.xml

http://security.gentoo.org/glsa/glsa-201209-25.xml

http://securitytracker.com/id?1020238

http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1

http://support.apple.com/kb/HT3026

http://support.apple.com/kb/HT3129

http://support.apple.com/kb/HT3438

http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255

http://www.mandriva.com/security/advisories?name=MDVSA-2008:121

http://www.redhat.com/support/errata/RHSA-2008-0556.html

http://www.redhat.com/support/errata/RHSA-2008-0558.html

http://www.securityfocus.com/archive/1/495497/100/0/threaded

http://www.securityfocus.com/archive/1/495869/100/0/threaded

http://www.securityfocus.com/bid/29640

http://www.ubuntu.com/usn/usn-643-1

http://www.vmware.com/security/advisories/VMSA-2008-0014.html

http://www.vmware.com/support/player/doc/releasenotes_player.html

http://www.vmware.com/support/player2/doc/releasenotes_player2.html

http://www.vmware.com/support/server/doc/releasenotes_server.html

http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

http://www.vupen.com/english/advisories/2008/1794

http://www.vupen.com/english/advisories/2008/1876/references

http://www.vupen.com/english/advisories/2008/2423

http://www.vupen.com/english/advisories/2008/2466

http://www.vupen.com/english/advisories/2008/2525

http://www.vupen.com/english/advisories/2008/2558

https://issues.rpath.com/browse/RPL-2608

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9321

https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html

https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html

Details

Source: MITRE

Published: 2008-06-16

Updated: 2018-10-11

Type: CWE-189

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (16 total)

IDNameProductFamilySeverity
79459OracleVM 2.1 : freetype (OVMSA-2009-0012)NessusOracleVM Local Security Checks
critical
67715Oracle Linux 3 / 4 / 5 : freetype (ELSA-2008-0556)NessusOracle Linux Local Security Checks
high
62383GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
60427Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
40382VMSA-2008-0014 : Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX, VMware VCB address information disclosure, privilege escalation and other security issues.NessusVMware ESX Local Security Checks
medium
37738Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : freetype vulnerabilities (USN-643-1)NessusUbuntu Local Security Checks
high
37537Mandriva Linux Security Advisory : freetype2 (MDVSA-2008:121)NessusMandriva Local Security Checks
high
35684Mac OS X Multiple Vulnerabilities (Security Update 2009-001)NessusMacOS X Local Security Checks
critical
34163Debian DSA-1635-1 : freetype - multiple vulnerabilitiesNessusDebian Local Security Checks
high
33419FreeBSD : FreeType 2 -- Multiple Vulnerabilities (4fb43b2f-46a9-11dd-9d38-00163e000016)NessusFreeBSD Local Security Checks
high
33250RHEL 2.1 : freetype (RHSA-2008:0558)NessusRed Hat Local Security Checks
high
33249RHEL 3 / 4 / 5 : freetype (RHSA-2008:0556)NessusRed Hat Local Security Checks
high
33246GLSA-200806-10 : FreeType: User-assisted execution of arbitrary codeNessusGentoo Local Security Checks
high
33229CentOS 3 / 4 / 5 : freetype (CESA-2008:0556)NessusCentOS Local Security Checks
high
33222Fedora 8 : freetype-2.3.5-4.fc8 (2008-5430)NessusFedora Local Security Checks
high
33221Fedora 9 : freetype-2.3.5-6.fc9 (2008-5425)NessusFedora Local Security Checks
high