exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2008-1808

Status Candidate

Overview

Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.

Related Files

Gentoo Linux Security Advisory 201209-25
Posted Sep 30, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-25 - Multiple vulnerabilities have been found in VMware Player, Server, and Workstation, allowing remote and local attackers to conduct several attacks, including privilege escalation, remote execution of arbitrary code, and a Denial of Service.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2007-5269, CVE-2007-5503, CVE-2007-5671, CVE-2008-0967, CVE-2008-1340, CVE-2008-1361, CVE-2008-1362, CVE-2008-1363, CVE-2008-1364, CVE-2008-1392, CVE-2008-1447, CVE-2008-1806, CVE-2008-1807, CVE-2008-1808, CVE-2008-2098, CVE-2008-2100, CVE-2008-2101, CVE-2008-4915, CVE-2008-4916, CVE-2008-4917, CVE-2009-0040, CVE-2009-0909, CVE-2009-0910, CVE-2009-1244, CVE-2009-2267, CVE-2009-3707, CVE-2009-3732, CVE-2009-3733
SHA-256 | 69658d66093686eada54ad82e7c69c212f082445ebab3cf082f1e1fbc3b98de1
Mandriva Linux Security Advisory 2008-121
Posted Oct 31, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user were to load a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or potentially execute arbitrary code. The updated packages have been patched to prevent this issue. The patches used to correct the problem on Corporate Server 4.0 and Corporate 3.0 contained a problem where certain fonts would not be displayed and would cause applications, such as drakfont, to crash. This update corrects the regression.

tags | advisory, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
SHA-256 | e1196696c73c394dbf50e0a49b97c9f35c40bd02c8e77f3cb912fcb4250312f3
Ubuntu Security Notice 643-1
Posted Sep 11, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 643-1 - Multiple flaws were discovered in the PFB and TTF font handling code in freetype. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges or cause the application linked against freetype to crash, leading to a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
SHA-256 | 92fa750f501d9838dabc54d77709b4f63b5f2d0348bb483e0510e3894c95d74f
Debian Linux Security Advisory 1635-1
Posted Sep 11, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1635-1 - Several local vulnerabilities have been discovered in freetype, a FreeType 2 font engine, which could allow the execution of arbitrary code.

tags | advisory, arbitrary, local, vulnerability
systems | linux, debian
advisories | CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
SHA-256 | 61f0b4ba79682e645ff528e317d38d3edf965e04d6ade5dd6922f4a7adb56558
VMware Security Advisory 2008-0014
Posted Aug 31, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

tags | advisory, info disclosure
advisories | CVE-2008-2101, CVE-2007-5269, CVE-2008-1447, CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2007-5438, CVE-2008-3696, CVE-2008-3697, CVE-2008-3698, CVE-2008-1806, CVE-2008-1807, CVE-2008-1808, CVE-2007-5503
SHA-256 | cf33ed983d59f3fe21ba66fc27682e8a073a9ba1d0031e69d9302bd25acc6efd
Gentoo Linux Security Advisory 200806-10
Posted Jun 24, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200806-10 - Font parsing vulnerabilities in FreeType might lead to user-assisted execution of arbitrary code. Versions less than 2.3.6 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
SHA-256 | 192e51ee4e89c52295f21eb2bbf5f64d1090fe9dbb7292741881aadfd08f2702
Mandriva Linux Security Advisory 2008-121
Posted Jun 23, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user were to load a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or potentially execute arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
SHA-256 | 8a997da76705d0c8b0d88bbaa3c54c87eb409fd1227e5740fe0a9fc96249abbc
iDEFENSE Security Advisory 2008-06-10.4
Posted Jun 11, 2008
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 06.10.08 - Remote exploitation of multiple heap overflow vulnerabilities in the FreeType2 library, as included in various vendors' operating systems, could allow an attacker to execute arbitrary code with the privileges of the affected application. iDefense has confirmed the existence of these vulnerabilities in FreeType2 version 2.3.5. Previous versions may also be affected.

tags | advisory, remote, overflow, arbitrary, vulnerability
advisories | CVE-2008-1808
SHA-256 | 9a4ef45fbc6785b0af6fa5c6bf4ca83872c3fb8be357ebe78481f18cc310c0fd
Page 1 of 1
Back1Next

File Archive:

November 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    1 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    0 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    219 Files
  • 14
    Nov 14th
    19 Files
  • 15
    Nov 15th
    66 Files
  • 16
    Nov 16th
    38 Files
  • 17
    Nov 17th
    9 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    11 Files
  • 22
    Nov 22nd
    56 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    36 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    14 Files
  • 28
    Nov 28th
    30 Files
  • 29
    Nov 29th
    35 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close