Vulnerability details: VCID-1r8y-jjg8-aaac
Vulnerability ID VCID-1r8y-jjg8-aaac
Aliases CVE-2008-1808
Summary Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (2)
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
rhas Important https://access.redhat.com/errata/RHSA-2008:0556
rhas Important https://access.redhat.com/errata/RHSA-2008:0558
rhas Important https://access.redhat.com/errata/RHSA-2009:0329
epss 0.02007 https://api.first.org/data/v1/epss?cve=CVE-2008-1808
epss 0.02087 https://api.first.org/data/v1/epss?cve=CVE-2008-1808
epss 0.0415 https://api.first.org/data/v1/epss?cve=CVE-2008-1808
epss 0.101 https://api.first.org/data/v1/epss?cve=CVE-2008-1808
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=450774
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2008-1808
Reference id Reference type URL
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1808.json
https://api.first.org/data/v1/epss?cve=CVE-2008-1808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1808
http://secunia.com/advisories/30600
http://secunia.com/advisories/30721
http://secunia.com/advisories/30740
http://secunia.com/advisories/30766
http://secunia.com/advisories/30819
http://secunia.com/advisories/30821
http://secunia.com/advisories/30967
http://secunia.com/advisories/31479
http://secunia.com/advisories/31577
http://secunia.com/advisories/31707
http://secunia.com/advisories/31709
http://secunia.com/advisories/31711
http://secunia.com/advisories/31712
http://secunia.com/advisories/31823
http://secunia.com/advisories/31856
http://secunia.com/advisories/31900
http://secunia.com/advisories/33937
http://secunia.com/advisories/35204
http://security.gentoo.org/glsa/glsa-200806-10.xml
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://securitytracker.com/id?1020240
https://issues.rpath.com/browse/RPL-2608
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11188
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1
http://support.apple.com/kb/HT3026
http://support.apple.com/kb/HT3129
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255
http://www.mandriva.com/security/advisories?name=MDVSA-2008:121
http://www.redhat.com/support/errata/RHSA-2008-0556.html
http://www.redhat.com/support/errata/RHSA-2008-0558.html
http://www.redhat.com/support/errata/RHSA-2009-0329.html
http://www.securityfocus.com/archive/1/495497/100/0/threaded
http://www.securityfocus.com/archive/1/495869/100/0/threaded
http://www.securityfocus.com/bid/29637
http://www.securityfocus.com/bid/29639
http://www.ubuntu.com/usn/usn-643-1
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2008/1794
http://www.vupen.com/english/advisories/2008/1876/references
http://www.vupen.com/english/advisories/2008/2423
http://www.vupen.com/english/advisories/2008/2466
http://www.vupen.com/english/advisories/2008/2525
http://www.vupen.com/english/advisories/2008/2558
450774 https://bugzilla.redhat.com/show_bug.cgi?id=450774
485841 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485841
cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*
CVE-2008-1808 https://nvd.nist.gov/vuln/detail/CVE-2008-1808
GLSA-200806-10 https://security.gentoo.org/glsa/200806-10
GLSA-201209-25 https://security.gentoo.org/glsa/201209-25
RHSA-2008:0556 https://access.redhat.com/errata/RHSA-2008:0556
RHSA-2008:0558 https://access.redhat.com/errata/RHSA-2008:0558
RHSA-2009:0329 https://access.redhat.com/errata/RHSA-2009:0329
USN-643-1 https://usn.ubuntu.com/643-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-1808
Access Vector (AV): network; Access Complexity (AC): low; Authentication (Au): none; Confidentiality Impact (C): partial; Integrity Impact (I): partial; Availability Impact (A): partial

Exploit Prediction Scoring System (EPSS)
Percentile 0.89236
EPSS Score 0.02007
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.