CVE-2008-1806

Loading...

General

Score:7.5/10.0
Severity:High
Category:Numeric Error

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2006-1861, CVE-2006-3467, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667, CVE-2007-4565, CVE-2007-4965, CVE-2007-5269, CVE-2007-5438, CVE-2007-5503, CVE-2008-1377, CVE-2008-1379, CVE-2008-1447, CVE-2008-1679, CVE-2008-1721, CVE-2008-1807, CVE-2008-1808, CVE-2008-1887, CVE-2008-1927, CVE-2008-2101, CVE-2008-2315, CVE-2008-2316, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362, CVE-2008-2379, CVE-2008-2711, CVE-2008-3142, CVE-2008-3144, CVE-2008-3612, CVE-2008-3631, CVE-2008-3632, CVE-2008-3633, CVE-2008-3663, CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2008-3696, CVE-2008-3697, CVE-2008-3698, CVE-2008-4864, CVE-2008-5031, CVE-2008-5050, CVE-2008-5183, CVE-2008-5314, CVE-2009-0009, CVE-2009-0011, CVE-2009-0012, CVE-2009-0013, CVE-2009-0014, CVE-2009-0015, CVE-2009-0017, CVE-2009-0018, CVE-2009-0019, CVE-2009-0020, CVE-2009-0137, CVE-2009-0138, CVE-2009-0139, CVE-2009-0140, CVE-2009-0141, CVE-2009-0142

Published on 16/06/08 - Updated on 11/10/18

Description

Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.

Category: Numeric Error

CWE-189 (Numeric Errors)
Weaknesses in this category are related to improper calculation or conversion of numbers.

Security Notices

US National Vulnerability DatabaseCVE-2008-1806
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2008-AVI-314, CERTA-2008-AVI-445, CERTA-2009-AVI-068
CentOS CESA-2008:0556
Redhat RHSA-2008:0556
Renater 2008/VULN222, 2008/VULN319, 2008/VULN340, 2008/VULN350, 2009/VULN046

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
freetypefreetype

Share this vulnerability with:

Twitter Facebook LinkedIn Mail