Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-1807
Last Modified 14 May 2013 10:40:11
Published 16 Jun 2008 03:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1807

Summary

FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.

Vulnerable Systems

Application

  • Freetype 1.3.1

  • Freetype 2.3.3

  • Freetype 2.3.4

  • Freetype 2.3.5


References

FEDORA - FEDORA-2008-5430

FEDORA - FEDORA-2008-5425

CONFIRM - https://issues.rpath.com/browse/RPL-2608

VUPEN - ADV-2008-2558

VUPEN - ADV-2008-2525

VUPEN - ADV-2008-2466

VUPEN - ADV-2008-2423

VUPEN - ADV-2008-1876

VUPEN - ADV-2008-1794

CONFIRM - http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

CONFIRM - http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

CONFIRM - http://www.vmware.com/support/server/doc/releasenotes_server.html

CONFIRM - http://www.vmware.com/support/player2/doc/releasenotes_player2.html

CONFIRM - http://www.vmware.com/support/player/doc/releasenotes_player.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0014.html

UBUNTU - USN-643-1

BID - 29641

BUGTRAQ - 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

BUGTRAQ - 20080814 rPSA-2008-0255-1 freetype

REDHAT - RHSA-2008:0558

REDHAT - RHSA-2008:0556

MANDRIVA - MDVSA-2008:121

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm

CONFIRM - http://support.apple.com/kb/HT3438

CONFIRM - http://support.apple.com/kb/HT3129

CONFIRM - http://support.apple.com/kb/HT3026

SUNALERT - 239006

MISC - http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780

SECTRACK - 1020239

GENTOO - GLSA-200806-10

SECUNIA - 33937

SECUNIA - 31900

SECUNIA - 31856

SECUNIA - 31823

SECUNIA - 31712

SECUNIA - 31711

SECUNIA - 31709

SECUNIA - 31707

SECUNIA - 31577

SECUNIA - 31479

SECUNIA - 30967

SECUNIA - 30821

SECUNIA - 30819

SECUNIA - 30766

SECUNIA - 30740

SECUNIA - 30721

SECUNIA - 30600

SUSE - SUSE-SR:2008:014

APPLE - APPLE-SA-2009-02-12

APPLE - APPLE-SA-2008-09-12

APPLE - APPLE-SA-2008-09-09

IDEFENSE - 20080610 Multiple Vendor FreeType2 PFB Memory Corruption Vulnerability

GENTOO - GLSA-201209-25

Related Patches

Apple 2009-02-12 Security Update 2009-001 Server (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 Server (Tiger Intel)

Apple 2009-02-12 Security Update 2009-001 (Tiger Intel)

VMware VMSA-2008-0014.3 VMware Workstation 6.5.1 for Windows (Update) (All Languages) (See Notes) (Rev 2)

VMware VMSA-2008-0014.3 VMware Server 2.0 for Windows (Update) (All Languages) (See Notes) (Rev 3)

VMware VMSA-2008-0014.3 VMware Player 2.5.1 for Windows (Update) (All Languages) (Rev 2)


Last Updated: 27 May 2016 10:49:54