FreeBSD : FreeType 2 -- Multiple Vulnerabilities (4fb43b2f-46a9-11dd-9d38-00163e000016)

High Nessus Plugin ID 33419

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Secunia reports:

- An integer overflow error exists in the processing of PFB font files. This can be exploited to cause a heap-based buffer overflow via a PFB file containing a specially crafted 'Private' dictionary table.

- An error in the processing of PFB font files can be exploited to trigger the 'free()' of memory areas that are not allocated on the heap.

- An off-by-one error exists in the processing of PFB font files. This can be exploited to cause a one-byte heap-based buffer overflow via a specially crafted PFB file.

- An off-by-one error exists in the implementation of the 'SHC' instruction while processing TTF files. This can be exploited to cause a one-byte heap-based buffer overflow via a specially crafted TTF file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?cc3fe7c0

http://www.nessus.org/u?8013d3a4

Plugin Details

Severity: High

ID: 33419

File Name: freebsd_pkg_4fb43b2f46a911dd9d3800163e000016.nasl

Version: 1.17

Type: local

Published: 2008/07/08

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freetype2, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2008/07/03

Vulnerability Publication Date: 2008/06/10

Reference Information

CVE: CVE-2008-1806, CVE-2008-1807, CVE-2008-1808

BID: 29637, 29639, 29640, 29641

Secunia: 30600

CWE: 189