what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2008-1807

Status Candidate

Overview

FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.

Related Files

Gentoo Linux Security Advisory 201209-25
Posted Sep 30, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-25 - Multiple vulnerabilities have been found in VMware Player, Server, and Workstation, allowing remote and local attackers to conduct several attacks, including privilege escalation, remote execution of arbitrary code, and a Denial of Service.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2007-5269, CVE-2007-5503, CVE-2007-5671, CVE-2008-0967, CVE-2008-1340, CVE-2008-1361, CVE-2008-1362, CVE-2008-1363, CVE-2008-1364, CVE-2008-1392, CVE-2008-1447, CVE-2008-1806, CVE-2008-1807, CVE-2008-1808, CVE-2008-2098, CVE-2008-2100, CVE-2008-2101, CVE-2008-4915, CVE-2008-4916, CVE-2008-4917, CVE-2009-0040, CVE-2009-0909, CVE-2009-0910, CVE-2009-1244, CVE-2009-2267, CVE-2009-3707, CVE-2009-3732, CVE-2009-3733
SHA-256 | 69658d66093686eada54ad82e7c69c212f082445ebab3cf082f1e1fbc3b98de1
Mandriva Linux Security Advisory 2008-121
Posted Oct 31, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user were to load a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or potentially execute arbitrary code. The updated packages have been patched to prevent this issue. The patches used to correct the problem on Corporate Server 4.0 and Corporate 3.0 contained a problem where certain fonts would not be displayed and would cause applications, such as drakfont, to crash. This update corrects the regression.

tags | advisory, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
SHA-256 | e1196696c73c394dbf50e0a49b97c9f35c40bd02c8e77f3cb912fcb4250312f3
Ubuntu Security Notice 643-1
Posted Sep 11, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 643-1 - Multiple flaws were discovered in the PFB and TTF font handling code in freetype. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges or cause the application linked against freetype to crash, leading to a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
SHA-256 | 92fa750f501d9838dabc54d77709b4f63b5f2d0348bb483e0510e3894c95d74f
Debian Linux Security Advisory 1635-1
Posted Sep 11, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1635-1 - Several local vulnerabilities have been discovered in freetype, a FreeType 2 font engine, which could allow the execution of arbitrary code.

tags | advisory, arbitrary, local, vulnerability
systems | linux, debian
advisories | CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
SHA-256 | 61f0b4ba79682e645ff528e317d38d3edf965e04d6ade5dd6922f4a7adb56558
VMware Security Advisory 2008-0014
Posted Aug 31, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

tags | advisory, info disclosure
advisories | CVE-2008-2101, CVE-2007-5269, CVE-2008-1447, CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2007-5438, CVE-2008-3696, CVE-2008-3697, CVE-2008-3698, CVE-2008-1806, CVE-2008-1807, CVE-2008-1808, CVE-2007-5503
SHA-256 | cf33ed983d59f3fe21ba66fc27682e8a073a9ba1d0031e69d9302bd25acc6efd
Gentoo Linux Security Advisory 200806-10
Posted Jun 24, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200806-10 - Font parsing vulnerabilities in FreeType might lead to user-assisted execution of arbitrary code. Versions less than 2.3.6 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
SHA-256 | 192e51ee4e89c52295f21eb2bbf5f64d1090fe9dbb7292741881aadfd08f2702
Mandriva Linux Security Advisory 2008-121
Posted Jun 23, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user were to load a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or potentially execute arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
SHA-256 | 8a997da76705d0c8b0d88bbaa3c54c87eb409fd1227e5740fe0a9fc96249abbc
iDEFENSE Security Advisory 2008-06-10.3
Posted Jun 11, 2008
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 06.10.08 - Remote exploitation of a memory corruption vulnerability in the FreeType2 library, as included in various vendors' operating systems, could allow an attacker to execute arbitrary code with the privileges of the affected application. iDefense has confirmed the existence of this vulnerability in FreeType2 version 2.3.5. Previous versions may also be affected.

tags | advisory, remote, arbitrary
advisories | CVE-2008-1807
SHA-256 | f2c22e428f5c55adfcda2877e8130ea56ec91d743b89e502b2f96e1f422a73e6
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close