CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 0CVE-2008-1808 – FreeType off-by-one flaws
https://notcve.org/view.php?id=CVE-2008-1808
Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow. Múltiples errores de superación de límite (off-by-one) en FreeType2 antes de 2.3.6 permite a atacantes dependientes del contexto ejecutar código arbitrario mediante (1) una tabla manipulada en un archivo Printer Font Binary (PFB) o (2) una instrucción SHC manipulada en un archivo TrueType Font (TTF), lo que dispara un desbordamiento de búfer basado en montículo. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717 http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://secunia.com/advisories/30600 http://secunia& • CWE-189: Numeric Errors CWE-193: Off-by-one Error •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2008-1807 – FreeType invalid free() flaw
https://notcve.org/view.php?id=CVE-2008-1807
FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption. FreeType2 versiones anteriores a 2.3.6 permite a atacantes dependientes de contexto ejecutar código de su elección a través de un campo "número de axes" inválido en un fichero Printer Font Binary (PFB), lo cual dispara una liberación de localizaciones de memoria de su elección, provocando corrupción de memoria. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716 http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://secunia.com/advisories/30600 http://secunia& • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2008-1806 – FreeType PFB integer overflow
https://notcve.org/view.php?id=CVE-2008-1806
Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow. Desbordamiento de entero en FreeType2 anterior a 2.3.6, permite a atacantes dependientes del contexto ejecutar código arbitrario a través de un set de valores manipulados de un tamaño 16-bit dentro de la tabla de diccionario Private en un archivo Printer Font Binary (PFB), lo que provoca un desbordamiento de búfer basado en montículo. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715 http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://secunia.com/advisories/30600 http://secunia& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3506
https://notcve.org/view.php?id=CVE-2007-3506
The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug." La función ft_bitmap_assure_buffer en src/base/ftbimap.c de FreeType 2.3.3 permite a atacantes remotos dependientes del contexto provocar una denegación de servicio y posiblemente ejecutar código de su elección mediante vectores no especificados que implican fuentes de mapas de bits, relacionado con "fallo de sobrescritura de memoria de búfer". • http://cvs.savannah.nongnu.org/viewvc/freetype2/src/base/ftbitmap.c?root=freetype&r1=1.17&r2=1.18 http://savannah.nongnu.org/bugs/index.php?19536 http://secunia.com/advisories/25884 http://www.securityfocus.com/bid/24708 https://sourceforge.net/project/shownotes.php?group_id=3157&release_id=499970 •
CVSS: 6.8EPSS: 62%CPEs: 1EXPL: 2CVE-2007-2754 – freetype integer overflow
https://notcve.org/view.php?id=CVE-2007-2754
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. Error de presencia de signo en entero en truetype/ttgload.c de Freetype 2.3.4 y versiones anteriores podría permitir a atacantes remotos ejecutar código de su elección mediante una imagen TTF manipulada con un valor n_points negativo, lo que conduce a un desbordamiento de entero y desbordamiento de búfer basado en montículo. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.gnu.org/archive/html/freetype-devel/2007-04/msg00041.html http://osvdb.org/36509 http://secunia.com/advisories/25350 http://secunia.com/advisories&# • CWE-190: Integer Overflow or Wraparound •