// For flags

CVE-2008-1807

FreeType invalid free() flaw

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.

FreeType2 versiones anteriores a 2.3.6 permite a atacantes dependientes de contexto ejecutar código de su elección a través de un campo "número de axes" inválido en un fichero Printer Font Binary (PFB), lo cual dispara una liberación de localizaciones de memoria de su elección, provocando corrupción de memoria.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-04-15 CVE Reserved
  • 2008-06-11 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-11-18 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-189: Numeric Errors
CAPEC
References (58)
URL Tag Source
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716 Third Party Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html Mailing List
http://secunia.com/advisories/30721 Third Party Advisory
http://secunia.com/advisories/30740 Third Party Advisory
http://secunia.com/advisories/30766 Third Party Advisory
http://secunia.com/advisories/30819 Third Party Advisory
http://secunia.com/advisories/30821 Third Party Advisory
http://secunia.com/advisories/30967 Third Party Advisory
http://secunia.com/advisories/31479 Third Party Advisory
http://secunia.com/advisories/31577 Third Party Advisory
http://secunia.com/advisories/31707 Third Party Advisory
http://secunia.com/advisories/31709 Third Party Advisory
http://secunia.com/advisories/31711 Third Party Advisory
http://secunia.com/advisories/31712 Third Party Advisory
http://secunia.com/advisories/31823 Third Party Advisory
http://secunia.com/advisories/31856 Third Party Advisory
http://secunia.com/advisories/31900 Third Party Advisory
http://secunia.com/advisories/33937 Third Party Advisory
http://securitytracker.com/id?1020239 Vdb Entry
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780 X_refsource_misc
http://support.apple.com/kb/HT3026 X_refsource_confirm
http://support.apple.com/kb/HT3129 X_refsource_confirm
http://support.apple.com/kb/HT3438 X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm X_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255 X_refsource_confirm
http://www.securityfocus.com/archive/1/495497/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/495869/100/0/threaded Mailing List
http://www.securityfocus.com/bid/29641 Vdb Entry
http://www.vmware.com/security/advisories/VMSA-2008-0014.html X_refsource_confirm
http://www.vmware.com/support/player/doc/releasenotes_player.html X_refsource_confirm
http://www.vmware.com/support/player2/doc/releasenotes_player2.html X_refsource_confirm
http://www.vmware.com/support/server/doc/releasenotes_server.html X_refsource_confirm
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html X_refsource_confirm
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html X_refsource_confirm
http://www.vupen.com/english/advisories/2008/1794 Vdb Entry
http://www.vupen.com/english/advisories/2008/1876/references Vdb Entry
http://www.vupen.com/english/advisories/2008/2423 Vdb Entry
http://www.vupen.com/english/advisories/2008/2466 Vdb Entry
http://www.vupen.com/english/advisories/2008/2525 Vdb Entry
http://www.vupen.com/english/advisories/2008/2558 Vdb Entry
https://issues.rpath.com/browse/RPL-2608 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9767 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html 2018-10-11
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html 2018-10-11
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html 2018-10-11
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html 2018-10-11
http://secunia.com/advisories/30600 2018-10-11
http://security.gentoo.org/glsa/glsa-200806-10.xml 2018-10-11
http://security.gentoo.org/glsa/glsa-201209-25.xml 2018-10-11
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1 2018-10-11
http://www.mandriva.com/security/advisories?name=MDVSA-2008:121 2018-10-11
http://www.redhat.com/support/errata/RHSA-2008-0556.html 2018-10-11
http://www.redhat.com/support/errata/RHSA-2008-0558.html 2018-10-11
http://www.ubuntu.com/usn/usn-643-1 2018-10-11
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html 2018-10-11
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html 2018-10-11
https://access.redhat.com/security/cve/CVE-2008-1807 2008-06-20
https://bugzilla.redhat.com/show_bug.cgi?id=450773 2008-06-20
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Freetype
Search vendor "Freetype"
 Freetype
Search vendor "Freetype" for product "Freetype"
 1.3.1
Search vendor "Freetype" for product "Freetype" and version "1.3.1"
-
Affected
Freetype
Search vendor "Freetype"
 Freetype
Search vendor "Freetype" for product "Freetype"
 2.3.3
Search vendor "Freetype" for product "Freetype" and version "2.3.3"
-
Affected
Freetype
Search vendor "Freetype"
 Freetype
Search vendor "Freetype" for product "Freetype"
 2.3.4
Search vendor "Freetype" for product "Freetype" and version "2.3.4"
-
Affected
Freetype
Search vendor "Freetype"
 Freetype
Search vendor "Freetype" for product "Freetype"
 2.3.5
Search vendor "Freetype" for product "Freetype" and version "2.3.5"
-
Affected