FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-1808

This CVE name corresponds to:

Entered: 2008-07-03
Topic: FreeType 2 -- Multiple Vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2008-1808
Phase: Assigned (20080415)

Description

Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.

References

Source Reference
IDEFENSE 20080610 Multiple Vendor FreeType2 Multiple Heap Overflow Vulnerabilities
BUGTRAQ 20080814 rPSA-2008-0255-1 freetype
BUGTRAQ 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
FULLDISC 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
MISC http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm
CONFIRM http://www.vmware.com/support/player/doc/releasenotes_player.html
CONFIRM http://www.vmware.com/support/player2/doc/releasenotes_player2.html
CONFIRM http://www.vmware.com/support/server/doc/releasenotes_server.html
CONFIRM http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
CONFIRM http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0014.html
CONFIRM http://support.apple.com/kb/HT3129
CONFIRM http://support.apple.com/kb/HT3026
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255
CONFIRM https://issues.rpath.com/browse/RPL-2608
CONFIRM http://support.apple.com/kb/HT3438
APPLE APPLE-SA-2008-09-09
APPLE APPLE-SA-2008-09-12
APPLE APPLE-SA-2009-02-12
FEDORA FEDORA-2008-5425
FEDORA FEDORA-2008-5430
GENTOO GLSA-200806-10
GENTOO GLSA-201209-25
MANDRIVA MDVSA-2008:121
REDHAT RHSA-2008:0556
REDHAT RHSA-2008:0558
REDHAT RHSA-2009:0329
SUNALERT 239006
SUSE SUSE-SR:2008:014
UBUNTU USN-643-1
BID 29637
BID 29639
OVAL oval:org.mitre.oval:def:11188
SECUNIA 35204
VUPEN ADV-2008-1794
VUPEN ADV-2008-1876
VUPEN ADV-2008-2423
VUPEN ADV-2008-2466
VUPEN ADV-2008-2558
VUPEN ADV-2008-2525
SECTRACK 1020240
SECUNIA 30600
SECUNIA 30740
SECUNIA 30766
SECUNIA 30721
SECUNIA 30821
SECUNIA 30819
SECUNIA 30967
SECUNIA 31707
SECUNIA 31709
SECUNIA 31711
SECUNIA 31712
SECUNIA 31856
SECUNIA 31900
SECUNIA 31823
SECUNIA 31577
SECUNIA 31479
SECUNIA 33937