Launchpad.net

CVE 2008-1806

Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.

Related bugs and status

CVE-2008-1806 (Candidate) is related to these bugs:

Bug #238977: [CVE-2008-1806, -1807, -1808] Multiple vulnerabilities in FreeType2

Summary				In	Importance	Status
	238977	[CVE-2008-1806, -1807, -1808] Multiple vulnerabilities in FreeType2		freetype (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

References

IDEFENSE: 20080610 Multiple Vend...
BID: 29640
SECTRACK: 1020238
SECUNIA: 30600
FEDORA: FEDORA-2008-5425
FEDORA: FEDORA-2008-5430
SECUNIA: 30740
GENTOO: GLSA-200806-10
MANDRIVA: MDVSA-2008:121
REDHAT: RHSA-2008:0556
REDHAT: RHSA-2008:0558
SUNALERT: 239006
SUSE: SUSE-SR:2008:014
SECUNIA: 30766
SECUNIA: 30721
SECUNIA: 30821
SECUNIA: 30819
SECUNIA: 30967
FULLDISC: 20080830 VMSA-2008-001...
CONFIRM: http://support.avaya.c...
CONFIRM: http://www.vmware.com/...
CONFIRM: http://www.vmware.com/...
CONFIRM: http://www.vmware.com/...
CONFIRM: http://www.vmware.com/...
CONFIRM: http://www.vmware.com/...
CONFIRM: http://www.vmware.com/...
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2008-09-09
APPLE: APPLE-SA-2008-09-12
UBUNTU: USN-643-1
SECUNIA: 31707
SECUNIA: 31709
SECUNIA: 31711
SECUNIA: 31712
SECUNIA: 31856
SECUNIA: 31900
SECUNIA: 31823
SECUNIA: 31577
CONFIRM: http://support.apple.c...
CONFIRM: http://wiki.rpath.com/...
CONFIRM: https://issues.rpath.c...
SECUNIA: 31479
APPLE: APPLE-SA-2009-02-12
SECUNIA: 33937
CONFIRM: http://support.apple.c...
VUPEN: ADV-2008-1794
VUPEN: ADV-2008-1876
VUPEN: ADV-2008-2423
VUPEN: ADV-2008-2466
VUPEN: ADV-2008-2558
VUPEN: ADV-2008-2525
GENTOO: GLSA-201209-25
MISC: http://sourceforge.net...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20080814 rPSA-2008-025...
BUGTRAQ: 20080830 VMSA-2008-001...