Vulnerability details: VCID-a1nr-zzmq-aaag
Vulnerability ID VCID-a1nr-zzmq-aaag
Aliases CVE-2008-1807
Summary FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (1)
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
rhas Important https://access.redhat.com/errata/RHSA-2008:0556
rhas Important https://access.redhat.com/errata/RHSA-2008:0558
epss 0.02170 https://api.first.org/data/v1/epss?cve=CVE-2008-1807
epss 0.02772 https://api.first.org/data/v1/epss?cve=CVE-2008-1807
epss 0.02882 https://api.first.org/data/v1/epss?cve=CVE-2008-1807
epss 0.05336 https://api.first.org/data/v1/epss?cve=CVE-2008-1807
epss 0.13007 https://api.first.org/data/v1/epss?cve=CVE-2008-1807
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=450773
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2008-1807
Reference id Reference type URL
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1807.json
https://api.first.org/data/v1/epss?cve=CVE-2008-1807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1807
http://secunia.com/advisories/30600
http://secunia.com/advisories/30721
http://secunia.com/advisories/30740
http://secunia.com/advisories/30766
http://secunia.com/advisories/30819
http://secunia.com/advisories/30821
http://secunia.com/advisories/30967
http://secunia.com/advisories/31479
http://secunia.com/advisories/31577
http://secunia.com/advisories/31707
http://secunia.com/advisories/31709
http://secunia.com/advisories/31711
http://secunia.com/advisories/31712
http://secunia.com/advisories/31823
http://secunia.com/advisories/31856
http://secunia.com/advisories/31900
http://secunia.com/advisories/33937
http://security.gentoo.org/glsa/glsa-200806-10.xml
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://securitytracker.com/id?1020239
https://issues.rpath.com/browse/RPL-2608
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9767
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1
http://support.apple.com/kb/HT3026
http://support.apple.com/kb/HT3129
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255
http://www.mandriva.com/security/advisories?name=MDVSA-2008:121
http://www.redhat.com/support/errata/RHSA-2008-0556.html
http://www.redhat.com/support/errata/RHSA-2008-0558.html
http://www.securityfocus.com/archive/1/495497/100/0/threaded
http://www.securityfocus.com/archive/1/495869/100/0/threaded
http://www.securityfocus.com/bid/29641
http://www.ubuntu.com/usn/usn-643-1
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2008/1794
http://www.vupen.com/english/advisories/2008/1876/references
http://www.vupen.com/english/advisories/2008/2423
http://www.vupen.com/english/advisories/2008/2466
http://www.vupen.com/english/advisories/2008/2525
http://www.vupen.com/english/advisories/2008/2558
450773 https://bugzilla.redhat.com/show_bug.cgi?id=450773
485841 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485841
cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*
CVE-2008-1807 https://nvd.nist.gov/vuln/detail/CVE-2008-1807
GLSA-200806-10 https://security.gentoo.org/glsa/200806-10
GLSA-201209-25 https://security.gentoo.org/glsa/201209-25
RHSA-2008:0556 https://access.redhat.com/errata/RHSA-2008:0556
RHSA-2008:0558 https://access.redhat.com/errata/RHSA-2008:0558
USN-643-1 https://usn.ubuntu.com/643-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-1807
Exploit Prediction Scoring System (EPSS)
Percentile 0.89001
EPSS Score 0.02170
Published At Dec. 27, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.