CVE-2008-1808

Published: Jun 16, 2008 | Modified: Jan 26, 2021
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.

Affected Software

Name      Vendor    Start Version  End Version
Freetype  Freetype  2.1.9          2.1.9
Freetype  Freetype  2.1.10         2.1.10
Freetype  Freetype  2.3.4          2.3.4
Freetype  Freetype  2.3.5          2.3.5
Freetype  Freetype  1.3.1          1.3.1
Freetype  Freetype  2.2.10         2.2.10
Freetype  Freetype  2.2.1          2.2.1
Freetype  Freetype  2.3.3          2.3.3
Freetype  Freetype  2.0.9          2.0.9
Freetype  Freetype  2.0.6          2.0.6
Freetype  Freetype  2.1.7          2.1.7
Freetype  Freetype  2.2.0          2.2.0
