CVE-2008-1807 | Vulnerability Database | Aqua Security

FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid number of axes field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.

Affected Software

Name	Vendor	Start Version	End Version
Freetype	Freetype	1.3.1 (including)	1.3.1 (including)
Freetype	Freetype	2.3.3 (including)	2.3.3 (including)
Freetype	Freetype	2.3.4 (including)	2.3.4 (including)
Freetype	Freetype	2.3.5 (including)	2.3.5 (including)
Red Hat Enterprise Linux 2.1	RedHat	freetype-0:2.0.3-15.el21	*
Red Hat Enterprise Linux 3	RedHat	freetype-0:2.1.4-10.el3	*
Red Hat Enterprise Linux 4	RedHat	freetype-0:2.1.9-8.el4.6	*
Red Hat Enterprise Linux 5	RedHat	freetype-0:2.2.1-20.el5_2	*
Freetype	Ubuntu	dapper	*
Freetype	Ubuntu	feisty	*
Freetype	Ubuntu	gutsy	*
Freetype	Ubuntu	hardy	*
Freetype	Ubuntu	upstream	*

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://secunia.com/advisories/30600
http://secunia.com/advisories/30721
http://secunia.com/advisories/30740
http://secunia.com/advisories/30766
http://secunia.com/advisories/30819
http://secunia.com/advisories/30821
http://secunia.com/advisories/30967
http://secunia.com/advisories/31479
http://secunia.com/advisories/31577
http://secunia.com/advisories/31707
http://secunia.com/advisories/31709
http://secunia.com/advisories/31711
http://secunia.com/advisories/31712
http://secunia.com/advisories/31823
http://secunia.com/advisories/31856
http://secunia.com/advisories/31900
http://secunia.com/advisories/33937
http://security.gentoo.org/glsa/glsa-200806-10.xml
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://securitytracker.com/id?1020239
http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=605780
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1
http://support.apple.com/kb/HT3026
http://support.apple.com/kb/HT3129
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255
http://www.mandriva.com/security/advisories?name=MDVSA-2008:121
http://www.redhat.com/support/errata/RHSA-2008-0556.html
http://www.redhat.com/support/errata/RHSA-2008-0558.html
http://www.securityfocus.com/archive/1/495497/100/0/threaded
http://www.securityfocus.com/archive/1/495869/100/0/threaded
http://www.securityfocus.com/bid/29641
http://www.ubuntu.com/usn/usn-643-1
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2008/1794
http://www.vupen.com/english/advisories/2008/1876/references
http://www.vupen.com/english/advisories/2008/2423
http://www.vupen.com/english/advisories/2008/2466
http://www.vupen.com/english/advisories/2008/2525
http://www.vupen.com/english/advisories/2008/2558
https://issues.rpath.com/browse/RPL-2608
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9767
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://secunia.com/advisories/30600
http://secunia.com/advisories/30721
http://secunia.com/advisories/30740
http://secunia.com/advisories/30766
http://secunia.com/advisories/30819
http://secunia.com/advisories/30821
http://secunia.com/advisories/30967
http://secunia.com/advisories/31479
http://secunia.com/advisories/31577
http://secunia.com/advisories/31707
http://secunia.com/advisories/31709
http://secunia.com/advisories/31711
http://secunia.com/advisories/31712
http://secunia.com/advisories/31823
http://secunia.com/advisories/31856
http://secunia.com/advisories/31900
http://secunia.com/advisories/33937
http://security.gentoo.org/glsa/glsa-200806-10.xml
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://securitytracker.com/id?1020239
http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=605780
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1
http://support.apple.com/kb/HT3026
http://support.apple.com/kb/HT3129
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255
http://www.mandriva.com/security/advisories?name=MDVSA-2008:121
http://www.redhat.com/support/errata/RHSA-2008-0556.html
http://www.redhat.com/support/errata/RHSA-2008-0558.html
http://www.securityfocus.com/archive/1/495497/100/0/threaded
http://www.securityfocus.com/archive/1/495869/100/0/threaded
http://www.securityfocus.com/bid/29641
http://www.ubuntu.com/usn/usn-643-1
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2008/1794
http://www.vupen.com/english/advisories/2008/1876/references
http://www.vupen.com/english/advisories/2008/2423
http://www.vupen.com/english/advisories/2008/2466
http://www.vupen.com/english/advisories/2008/2525
http://www.vupen.com/english/advisories/2008/2558
https://issues.rpath.com/browse/RPL-2608
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9767
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-1807
CWE	https://cwe.mitre.org/data/definitions/189.html