CVE-2008-1808

Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.

Affected Software

Name	Vendor	Start Version	End Version
Freetype	Freetype	1.3.1 (including)	1.3.1 (including)
Freetype	Freetype	2.0.6 (including)	2.0.6 (including)
Freetype	Freetype	2.0.9 (including)	2.0.9 (including)
Freetype	Freetype	2.1.7 (including)	2.1.7 (including)
Freetype	Freetype	2.1.9 (including)	2.1.9 (including)
Freetype	Freetype	2.1.10 (including)	2.1.10 (including)
Freetype	Freetype	2.2.0 (including)	2.2.0 (including)
Freetype	Freetype	2.2.1 (including)	2.2.1 (including)
Freetype	Freetype	2.2.10 (including)	2.2.10 (including)
Freetype	Freetype	2.3.3 (including)	2.3.3 (including)
Freetype	Freetype	2.3.4 (including)	2.3.4 (including)
Freetype	Freetype	2.3.5 (including)	2.3.5 (including)
Red Hat Enterprise Linux 2.1	RedHat	freetype-0:2.0.3-15.el21	*
Red Hat Enterprise Linux 3	RedHat	freetype-0:2.1.4-10.el3	*
Red Hat Enterprise Linux 3	RedHat	freetype-0:2.1.4-12.el3	*
Red Hat Enterprise Linux 4	RedHat	freetype-0:2.1.9-8.el4.6	*
Red Hat Enterprise Linux 4	RedHat	freetype-0:2.1.9-10.el4.7	*
Red Hat Enterprise Linux 5	RedHat	freetype-0:2.2.1-20.el5_2	*
Freetype	Ubuntu	dapper	*
Freetype	Ubuntu	feisty	*
Freetype	Ubuntu	gutsy	*
Freetype	Ubuntu	hardy	*
Freetype	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-1808
CWE	https://cwe.mitre.org/data/definitions/189.html

Affected Software

References