CVE-2008-1808 – FreeType off-by-one flaws
https://notcve.org/view.php?id=CVE-2008-1808
Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow. Múltiples errores de superación de límite (off-by-one) en FreeType2 antes de 2.3.6 permite a atacantes dependientes del contexto ejecutar código arbitrario mediante (1) una tabla manipulada en un archivo Printer Font Binary (PFB) o (2) una instrucción SHC manipulada en un archivo TrueType Font (TTF), lo que dispara un desbordamiento de búfer basado en montículo. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717 http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://secunia.com/advisories/30600 http://secunia& • CWE-189: Numeric Errors CWE-193: Off-by-one Error •
CVE-2008-1807 – FreeType invalid free() flaw
https://notcve.org/view.php?id=CVE-2008-1807
FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption. FreeType2 versiones anteriores a 2.3.6 permite a atacantes dependientes de contexto ejecutar código de su elección a través de un campo "número de axes" inválido en un fichero Printer Font Binary (PFB), lo cual dispara una liberación de localizaciones de memoria de su elección, provocando corrupción de memoria. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716 http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://secunia.com/advisories/30600 http://secunia& • CWE-189: Numeric Errors •
CVE-2008-1806 – FreeType PFB integer overflow
https://notcve.org/view.php?id=CVE-2008-1806
Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow. Desbordamiento de entero en FreeType2 anterior a 2.3.6, permite a atacantes dependientes del contexto ejecutar código arbitrario a través de un set de valores manipulados de un tamaño 16-bit dentro de la tabla de diccionario Private en un archivo Printer Font Binary (PFB), lo que provoca un desbordamiento de búfer basado en montículo. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715 http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://secunia.com/advisories/30600 http://secunia& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •