FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-1806

This CVE name corresponds to:

Entered Topic
2008-07-03 FreeType 2 -- Multiple Vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-1806
Phase Assigned (20080415)

Description

Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.

References

Source Reference
IDEFENSE 20080610 Multiple Vendor FreeType2 PFB Integer Overflow Vulnerability
BUGTRAQ 20080814 rPSA-2008-0255-1 freetype
BUGTRAQ 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
FULLDISC 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
MISC http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm
CONFIRM http://www.vmware.com/support/player/doc/releasenotes_player.html
CONFIRM http://www.vmware.com/support/player2/doc/releasenotes_player2.html
CONFIRM http://www.vmware.com/support/server/doc/releasenotes_server.html
CONFIRM http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
CONFIRM http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0014.html
CONFIRM http://support.apple.com/kb/HT3129
CONFIRM http://support.apple.com/kb/HT3026
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255
CONFIRM https://issues.rpath.com/browse/RPL-2608
CONFIRM http://support.apple.com/kb/HT3438
APPLE APPLE-SA-2008-09-09
APPLE APPLE-SA-2008-09-12
APPLE APPLE-SA-2009-02-12
FEDORA FEDORA-2008-5425
FEDORA FEDORA-2008-5430
GENTOO GLSA-200806-10
GENTOO GLSA-201209-25
MANDRIVA MDVSA-2008:121
REDHAT RHSA-2008:0556
REDHAT RHSA-2008:0558
SUNALERT 239006
SUSE SUSE-SR:2008:014
UBUNTU USN-643-1
BID 29640
OVAL oval:org.mitre.oval:def:9321
VUPEN ADV-2008-1794
VUPEN ADV-2008-1876
VUPEN ADV-2008-2423
VUPEN ADV-2008-2466
VUPEN ADV-2008-2558
VUPEN ADV-2008-2525
SECTRACK 1020238
SECUNIA 30600
SECUNIA 30740
SECUNIA 30766
SECUNIA 30721
SECUNIA 30821
SECUNIA 30819
SECUNIA 30967
SECUNIA 31707
SECUNIA 31709
SECUNIA 31711
SECUNIA 31712
SECUNIA 31856
SECUNIA 31900
SECUNIA 31823
SECUNIA 31577
SECUNIA 31479
SECUNIA 33937