Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.
Publish Date: 2008-06-16
Last Update Date: 2018-10-11
http://support.apple.com/kb/HT3129 CONFIRM
http://support.apple.com/kb/HT3438 CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm CONFIRM
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255 CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2008:121 MANDRIVA MDVSA-2008:121
http://www.redhat.com/support/errata/RHSA-2008-0556.html REDHAT RHSA-2008:0556
http://www.redhat.com/support/errata/RHSA-2008-0558.html REDHAT RHSA-2008:0558
http://www.securityfocus.com/archive/1/495497/100/0/threaded BUGTRAQ 20080814 rPSA-2008-0255-1 freetype
http://www.securityfocus.com/archive/1/495869/100/0/threaded BUGTRAQ 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
http://www.securityfocus.com/bid/29640 BID 29640 FreeType2 Printer Font Binary Private Dictionary Table Integer Overflow Vulnerability Release Date: 2012-10-01
http://www.ubuntu.com/usn/usn-643-1 UBUNTU USN-643-1
http://www.vmware.com/security/advisories/VMSA-2008-0014.html CONFIRM
http://www.vmware.com/support/player/doc/releasenotes_player.html CONFIRM
http://www.vmware.com/support/player2/doc/releasenotes_player2.html CONFIRM
http://www.vmware.com/support/server/doc/releasenotes_server.html CONFIRM
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html CONFIRM
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html CONFIRM
http://www.vupen.com/english/advisories/2008/1794 VUPEN ADV-2008-1794
http://www.vupen.com/english/advisories/2008/1876/references VUPEN ADV-2008-1876
http://www.vupen.com/english/advisories/2008/2423 VUPEN ADV-2008-2423
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715 IDEFENSE 20080610 Multiple Vendor FreeType2 PFB Integer Overflow Vulnerability
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html APPLE APPLE-SA-2008-09-09
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html APPLE APPLE-SA-2008-09-12
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html APPLE APPLE-SA-2009-02-12
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html FULLDISC 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html SUSE SUSE-SR:2008:014
http://security.gentoo.org/glsa/glsa-200806-10.xml GENTOO GLSA-200806-10
http://security.gentoo.org/glsa/glsa-201209-25.xml GENTOO GLSA-201209-25
http://securitytracker.com/id?1020238 SECTRACK 1020238
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html FEDORA FEDORA-2008-5425
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html FEDORA FEDORA-2008-5430
https://issues.rpath.com/browse/RPL-2608 CONFIRM
http://www.vupen.com/english/advisories/2008/2525 VUPEN ADV-2008-2525
http://www.vupen.com/english/advisories/2008/2558 VUPEN ADV-2008-2558
http://www.vupen.com/english/advisories/2008/2466 VUPEN ADV-2008-2466
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1 SUNALERT 239006
http://support.apple.com/kb/HT3026 CONFIRM