CVSS2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS Percentile: 90.7%

CentOS Errata and Security Advisory CESA-2008:0556

FreeType is a free, high-quality, portable font engine that can open and
manage font files, as well as efficiently load, hint and render individual
glyphs.

Multiple flaws were discovered in FreeType’s Printer Font Binary (PFB)
font-file format parser. If a user loaded a carefully crafted font-file
with a program linked against FreeType, it could cause the application to
crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807,
CVE-2008-1808)

Note: the flaw in FreeType’s TrueType Font (TTF) font-file format parser,
covered by CVE-2008-1808, did not affect the freetype packages as shipped
in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF
Byte Code Interpreter (BCI) support.

Users of freetype should upgrade to these updated packages, which contain
backported patches to resolve these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-June/077154.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077155.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077156.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077157.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077158.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077159.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077162.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077163.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077168.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077169.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077186.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077187.html
https://lists.centos.org/pipermail/centos-announce/2008-June/089967.html
https://lists.centos.org/pipermail/centos-announce/2008-June/089968.html
https://lists.centos.org/pipermail/centos-announce/2008-June/089969.html
https://lists.centos.org/pipermail/centos-announce/2008-June/089970.html
Affected packages:
freetype
freetype-demos
freetype-devel
freetype-utils
Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0556
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | freetype | < 2.1.4-8.el3 | freetype-2.1.4-8.el3.i386.rpm |
CentOS | 3 | i386 | freetype-devel | < 2.1.4-8.el3 | freetype-devel-2.1.4-8.el3.i386.rpm |
CentOS | 3 | i386 | freetype-demos | < 2.1.4-8.el3 | freetype-demos-2.1.4-8.el3.i386.rpm |
CentOS | 3 | i386 | freetype-utils | < 2.1.4-8.el3 | freetype-utils-2.1.4-8.el3.i386.rpm |
CentOS | 3 | x86_64 | freetype | < 2.1.4-8.el3 | freetype-2.1.4-8.el3.x86_64.rpm |
CentOS | 3 | x86_64 | freetype-devel | < 2.1.4-8.el3 | freetype-devel-2.1.4-8.el3.x86_64.rpm |
CentOS | 3 | x86_64 | freetype-demos | < 2.1.4-8.el3 | freetype-demos-2.1.4-8.el3.x86_64.rpm |
CentOS | 3 | x86_64 | freetype-utils | < 2.1.4-8.el3 | freetype-utils-2.1.4-8.el3.x86_64.rpm |
CentOS | 3 | ia64 | freetype | < 2.1.4-8.el3 | freetype-2.1.4-8.el3.ia64.rpm |