FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-1807

This CVE name corresponds to:

Entered Topic
2008-07-03 FreeType 2 -- Multiple Vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-1807
Phase Assigned(20080415)

Description

FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.

References

Source Reference
IDEFENSE 20080610 Multiple Vendor FreeType2 PFB Memory Corruption Vulnerability
BUGTRAQ 20080814 rPSA-2008-0255-1 freetype
BUGTRAQ 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
FULLDISC 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
MISC http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm
CONFIRM http://www.vmware.com/support/player/doc/releasenotes_player.html
CONFIRM http://www.vmware.com/support/player2/doc/releasenotes_player2.html
CONFIRM http://www.vmware.com/support/server/doc/releasenotes_server.html
CONFIRM http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
CONFIRM http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0014.html
CONFIRM http://support.apple.com/kb/HT3129
CONFIRM http://support.apple.com/kb/HT3026
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255
CONFIRM https://issues.rpath.com/browse/RPL-2608
CONFIRM http://support.apple.com/kb/HT3438
APPLE APPLE-SA-2008-09-09
APPLE APPLE-SA-2008-09-12
APPLE APPLE-SA-2009-02-12
FEDORA FEDORA-2008-5425
FEDORA FEDORA-2008-5430
GENTOO GLSA-200806-10
GENTOO GLSA-201209-25
MANDRIVA MDVSA-2008:121
REDHAT RHSA-2008:0556
REDHAT RHSA-2008:0558
SUNALERT 239006
SUSE SUSE-SR:2008:014
UBUNTU USN-643-1
BID 29641
OVAL oval:org.mitre.oval:def:9767
VUPEN ADV-2008-1794
VUPEN ADV-2008-1876
VUPEN ADV-2008-2423
VUPEN ADV-2008-2466
VUPEN ADV-2008-2558
VUPEN ADV-2008-2525
SECTRACK 1020239
SECUNIA 30600
SECUNIA 30740
SECUNIA 30766
SECUNIA 30721
SECUNIA 30821
SECUNIA 30819
SECUNIA 30967
SECUNIA 31707
SECUNIA 31709
SECUNIA 31711
SECUNIA 31712
SECUNIA 31856
SECUNIA 31900
SECUNIA 31823
SECUNIA 31577
SECUNIA 31479
SECUNIA 33937