Lucene search

PRIOn knowledge basePRION:CVE-2008-1806

HistoryJun 16, 2008 - 7:41 p.m.

Integer overflow

2008-06-1619:41:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON

Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.

CPENameOperatorVersion
freetypeeq2.3.4
freetypeeq2.3.5
freetypeeq1.3.1
freetypeeq2.3.3

Name	Operator	Version
freetype	eq	2.3.4
freetype	eq	2.3.5
freetype	eq	1.3.1
freetype	eq	2.3.3

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=715

lists.apple.com/archives/security-announce//2008/Sep/msg00003.html

lists.apple.com/archives/security-announce//2008/Sep/msg00004.html

lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html

lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

secunia.com/advisories/30600

secunia.com/advisories/30721

secunia.com/advisories/30740

secunia.com/advisories/30766

secunia.com/advisories/30819

secunia.com/advisories/30821

secunia.com/advisories/30967

secunia.com/advisories/31479

secunia.com/advisories/31577

secunia.com/advisories/31707

secunia.com/advisories/31709

secunia.com/advisories/31711

secunia.com/advisories/31712

secunia.com/advisories/31823

secunia.com/advisories/31856

secunia.com/advisories/31900

secunia.com/advisories/33937

security.gentoo.org/glsa/glsa-200806-10.xml

security.gentoo.org/glsa/glsa-201209-25.xml

securitytracker.com/id?1020238

sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780

sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1

support.apple.com/kb/HT3026

support.apple.com/kb/HT3129

support.apple.com/kb/HT3438

support.avaya.com/elmodocs2/security/ASA-2008-318.htm

wiki.rpath.com/wiki/Advisories:rPSA-2008-0255

www.mandriva.com/security/advisories?name=MDVSA-2008:121

www.redhat.com/support/errata/RHSA-2008-0556.html

www.redhat.com/support/errata/RHSA-2008-0558.html

www.securityfocus.com/archive/1/495497/100/0/threaded

www.securityfocus.com/archive/1/495869/100/0/threaded

www.securityfocus.com/bid/29640

www.ubuntu.com/usn/usn-643-1

www.vmware.com/security/advisories/VMSA-2008-0014.html

www.vmware.com/support/player/doc/releasenotes_player.html

www.vmware.com/support/player2/doc/releasenotes_player2.html

www.vmware.com/support/server/doc/releasenotes_server.html

www.vmware.com/support/ws55/doc/releasenotes_ws55.html

www.vmware.com/support/ws6/doc/releasenotes_ws6.html

www.vupen.com/english/advisories/2008/1794

www.vupen.com/english/advisories/2008/1876/references

www.vupen.com/english/advisories/2008/2423

www.vupen.com/english/advisories/2008/2466

www.vupen.com/english/advisories/2008/2525

www.vupen.com/english/advisories/2008/2558

issues.rpath.com/browse/RPL-2608

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9321

www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html

www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html