// For flags

CVE-2008-1806

FreeType PFB integer overflow

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.

Desbordamiento de entero en FreeType2 anterior a 2.3.6, permite a atacantes dependientes del contexto ejecutar código arbitrario a través de un set de valores manipulados de un tamaño 16-bit dentro de la tabla de diccionario Private en un archivo Printer Font Binary (PFB), lo que provoca un desbordamiento de búfer basado en montículo.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-04-15 CVE Reserved
  • 2008-06-16 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-189: Numeric Errors
  • CWE-190: Integer Overflow or Wraparound
CAPEC
References (58)
URL Tag Source
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715 Third Party Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html Mailing List
http://secunia.com/advisories/30721 Third Party Advisory
http://secunia.com/advisories/30740 Third Party Advisory
http://secunia.com/advisories/30766 Third Party Advisory
http://secunia.com/advisories/30819 Third Party Advisory
http://secunia.com/advisories/30821 Third Party Advisory
http://secunia.com/advisories/30967 Third Party Advisory
http://secunia.com/advisories/31479 Third Party Advisory
http://secunia.com/advisories/31577 Third Party Advisory
http://secunia.com/advisories/31707 Third Party Advisory
http://secunia.com/advisories/31709 Third Party Advisory
http://secunia.com/advisories/31711 Third Party Advisory
http://secunia.com/advisories/31712 Third Party Advisory
http://secunia.com/advisories/31823 Third Party Advisory
http://secunia.com/advisories/31856 Third Party Advisory
http://secunia.com/advisories/31900 Third Party Advisory
http://secunia.com/advisories/33937 Third Party Advisory
http://securitytracker.com/id?1020238 Vdb Entry
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780 X_refsource_misc
http://support.apple.com/kb/HT3026 X_refsource_confirm
http://support.apple.com/kb/HT3129 X_refsource_confirm
http://support.apple.com/kb/HT3438 X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm X_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255 X_refsource_confirm
http://www.securityfocus.com/archive/1/495497/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/495869/100/0/threaded Mailing List
http://www.vmware.com/security/advisories/VMSA-2008-0014.html X_refsource_confirm
http://www.vmware.com/support/player/doc/releasenotes_player.html X_refsource_confirm
http://www.vmware.com/support/player2/doc/releasenotes_player2.html X_refsource_confirm
http://www.vmware.com/support/server/doc/releasenotes_server.html X_refsource_confirm
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html X_refsource_confirm
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html X_refsource_confirm
http://www.vupen.com/english/advisories/2008/1794 Vdb Entry
http://www.vupen.com/english/advisories/2008/1876/references Vdb Entry
http://www.vupen.com/english/advisories/2008/2423 Vdb Entry
http://www.vupen.com/english/advisories/2008/2466 Vdb Entry
http://www.vupen.com/english/advisories/2008/2525 Vdb Entry
http://www.vupen.com/english/advisories/2008/2558 Vdb Entry
https://issues.rpath.com/browse/RPL-2608 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9321 Signature
URL Date SRC
URL Date SRC
http://www.securityfocus.com/bid/29640 2018-10-11
URL Date SRC
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html 2018-10-11
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html 2018-10-11
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html 2018-10-11
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html 2018-10-11
http://secunia.com/advisories/30600 2018-10-11
http://security.gentoo.org/glsa/glsa-200806-10.xml 2018-10-11
http://security.gentoo.org/glsa/glsa-201209-25.xml 2018-10-11
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1 2018-10-11
http://www.mandriva.com/security/advisories?name=MDVSA-2008:121 2018-10-11
http://www.redhat.com/support/errata/RHSA-2008-0556.html 2018-10-11
http://www.redhat.com/support/errata/RHSA-2008-0558.html 2018-10-11
http://www.ubuntu.com/usn/usn-643-1 2018-10-11
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html 2018-10-11
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html 2018-10-11
https://access.redhat.com/security/cve/CVE-2008-1806 2008-06-20
https://bugzilla.redhat.com/show_bug.cgi?id=450768 2008-06-20
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Freetype
Search vendor "Freetype"
 Freetype
Search vendor "Freetype" for product "Freetype"
 1.3.1
Search vendor "Freetype" for product "Freetype" and version "1.3.1"
-
Affected
Freetype
Search vendor "Freetype"
 Freetype
Search vendor "Freetype" for product "Freetype"
 2.3.3
Search vendor "Freetype" for product "Freetype" and version "2.3.3"
-
Affected
Freetype
Search vendor "Freetype"
 Freetype
Search vendor "Freetype" for product "Freetype"
 2.3.4
Search vendor "Freetype" for product "Freetype" and version "2.3.4"
-
Affected
Freetype
Search vendor "Freetype"
 Freetype
Search vendor "Freetype" for product "Freetype"
 2.3.5
Search vendor "Freetype" for product "Freetype" and version "2.3.5"
-
Affected