Lucene search

K
redhatRedHatRHSA-2008:0556
HistoryJun 20, 2008 - 12:00 a.m.

(RHSA-2008:0556) Important: freetype security update

2008-06-2000:00:00
access.redhat.com
14

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

87.8%

FreeType is a free, high-quality, portable font engine that can open and
manage font files, as well as efficiently load, hint and render individual
glyphs.

Multiple flaws were discovered in FreeType’s Printer Font Binary (PFB)
font-file format parser. If a user loaded a carefully crafted font-file
with a program linked against FreeType, it could cause the application to
crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807,
CVE-2008-1808)

Note: the flaw in FreeType’s TrueType Font (TTF) font-file format parser,
covered by CVE-2008-1808, did not affect the freetype packages as shipped
in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF
Byte Code Interpreter (BCI) support.

Users of freetype should upgrade to these updated packages, which contain
backported patches to resolve these issues.

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

87.8%