FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-1806

This CVE name corresponds to:

Entered Topic
2008-07-03 FreeType 2 -- Multiple Vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-1806 at cve.mitre.org

Details

Type Candidate
Name CVE-2008-1806
Phase Assigned(20080415)

Description

Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.

References

Source Reference
IDEFENSE 20080610 Multiple Vendor FreeType2 PFB Integer Overflow Vulnerability
MISC http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780
FEDORA FEDORA-2008-5425
FEDORA FEDORA-2008-5430
GENTOO GLSA-200806-10
MANDRIVA MDVSA-2008:121
REDHAT RHSA-2008:0556
REDHAT RHSA-2008:0558
SUNALERT 239006
SUSE SUSE-SR:2008:014
BID 29640
FRSIRT ADV-2008-1794
FRSIRT ADV-2008-1876
SECTRACK 1020238
SECUNIA 30600
SECUNIA 30740
SECUNIA 30766
SECUNIA 30721
SECUNIA 30821
SECUNIA 30819
SECUNIA 30967

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.