Lucene search

[email protected]NVD:CVE-2008-1807

HistoryJun 16, 2008 - 7:41 p.m.

CVE-2008-1807

2008-06-1619:41:00

CWE-189

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.7%

JSON

FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid “number of axes” field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.

Affected configurations

NVD

Node

freetypefreetypeMatch1.3.1

freetypefreetypeMatch2.3.3

freetypefreetypeMatch2.3.4

freetypefreetypeMatch2.3.5

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=716

lists.apple.com/archives/security-announce//2008/Sep/msg00003.html

lists.apple.com/archives/security-announce//2008/Sep/msg00004.html

lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html

lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

secunia.com/advisories/30600

secunia.com/advisories/30721

secunia.com/advisories/30740

secunia.com/advisories/30766

secunia.com/advisories/30819

secunia.com/advisories/30821

secunia.com/advisories/30967

secunia.com/advisories/31479

secunia.com/advisories/31577

secunia.com/advisories/31707

secunia.com/advisories/31709

secunia.com/advisories/31711

secunia.com/advisories/31712

secunia.com/advisories/31823

secunia.com/advisories/31856

secunia.com/advisories/31900

secunia.com/advisories/33937

security.gentoo.org/glsa/glsa-200806-10.xml

security.gentoo.org/glsa/glsa-201209-25.xml

securitytracker.com/id?1020239

sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780

sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1

support.apple.com/kb/HT3026

support.apple.com/kb/HT3129

support.apple.com/kb/HT3438

support.avaya.com/elmodocs2/security/ASA-2008-318.htm

wiki.rpath.com/wiki/Advisories:rPSA-2008-0255

www.mandriva.com/security/advisories?name=MDVSA-2008:121

www.redhat.com/support/errata/RHSA-2008-0556.html

www.redhat.com/support/errata/RHSA-2008-0558.html

www.securityfocus.com/archive/1/495497/100/0/threaded

www.securityfocus.com/archive/1/495869/100/0/threaded

www.securityfocus.com/bid/29641

www.ubuntu.com/usn/usn-643-1

www.vmware.com/security/advisories/VMSA-2008-0014.html

www.vmware.com/support/player/doc/releasenotes_player.html

www.vmware.com/support/player2/doc/releasenotes_player2.html

www.vmware.com/support/server/doc/releasenotes_server.html

www.vmware.com/support/ws55/doc/releasenotes_ws55.html

www.vmware.com/support/ws6/doc/releasenotes_ws6.html

www.vupen.com/english/advisories/2008/1794

www.vupen.com/english/advisories/2008/1876/references

www.vupen.com/english/advisories/2008/2423

www.vupen.com/english/advisories/2008/2466

www.vupen.com/english/advisories/2008/2525

www.vupen.com/english/advisories/2008/2558

issues.rpath.com/browse/RPL-2608

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9767

www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html

www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.7%

JSON

Related for NVD:CVE-2008-1807

cve1 securityvulns4 cvelist1 ubuntucve1 veracode1 prion1 debiancve1 nessus16 openvas33 centos2 freebsd1 redhat2 fedora2 oraclelinux1 debian1 osv1 gentoo2 ubuntu1 vmware2