Freetype : Security vulnerabilities, CVEs published in 2008

Copy

CVE-2008-1808

Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.

Max CVSS

7.5

EPSS Score

2.06%

Published

2008-06-16

Updated

2021-01-26

CVE-2008-1807

FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.

Max CVSS

7.5

EPSS Score

2.02%

Published

2008-06-16

Updated

2018-10-11

CVE-2008-1806

Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.

Max CVSS

7.5

EPSS Score

2.06%

Published

2008-06-16

Updated

2018-10-11

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!