Vulnerability details: VCID-qsxf-bepg-aaak
Vulnerability ID VCID-qsxf-bepg-aaak
Aliases CVE-2008-1806
Summary Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
rhas Important https://access.redhat.com/errata/RHSA-2008:0556
rhas Important https://access.redhat.com/errata/RHSA-2008:0558
epss 0.02007 https://api.first.org/data/v1/epss?cve=CVE-2008-1806
epss 0.02087 https://api.first.org/data/v1/epss?cve=CVE-2008-1806
epss 0.04994 https://api.first.org/data/v1/epss?cve=CVE-2008-1806
epss 0.10839 https://api.first.org/data/v1/epss?cve=CVE-2008-1806
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=450768
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2008-1806
Reference id Reference type URL
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1806.json
https://api.first.org/data/v1/epss?cve=CVE-2008-1806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1806
http://secunia.com/advisories/30600
http://secunia.com/advisories/30721
http://secunia.com/advisories/30740
http://secunia.com/advisories/30766
http://secunia.com/advisories/30819
http://secunia.com/advisories/30821
http://secunia.com/advisories/30967
http://secunia.com/advisories/31479
http://secunia.com/advisories/31577
http://secunia.com/advisories/31707
http://secunia.com/advisories/31709
http://secunia.com/advisories/31711
http://secunia.com/advisories/31712
http://secunia.com/advisories/31823
http://secunia.com/advisories/31856
http://secunia.com/advisories/31900
http://secunia.com/advisories/33937
http://security.gentoo.org/glsa/glsa-200806-10.xml
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://securitytracker.com/id?1020238
https://issues.rpath.com/browse/RPL-2608
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9321
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1
http://support.apple.com/kb/HT3026
http://support.apple.com/kb/HT3129
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255
http://www.mandriva.com/security/advisories?name=MDVSA-2008:121
http://www.redhat.com/support/errata/RHSA-2008-0556.html
http://www.redhat.com/support/errata/RHSA-2008-0558.html
http://www.securityfocus.com/archive/1/495497/100/0/threaded
http://www.securityfocus.com/archive/1/495869/100/0/threaded
http://www.securityfocus.com/bid/29640
http://www.ubuntu.com/usn/usn-643-1
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2008/1794
http://www.vupen.com/english/advisories/2008/1876/references
http://www.vupen.com/english/advisories/2008/2423
http://www.vupen.com/english/advisories/2008/2466
http://www.vupen.com/english/advisories/2008/2525
http://www.vupen.com/english/advisories/2008/2558
450768 https://bugzilla.redhat.com/show_bug.cgi?id=450768
485841 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485841
cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*
CVE-2008-1806 https://nvd.nist.gov/vuln/detail/CVE-2008-1806
GLSA-200806-10 https://security.gentoo.org/glsa/200806-10
GLSA-201209-25 https://security.gentoo.org/glsa/201209-25
RHSA-2008:0556 https://access.redhat.com/errata/RHSA-2008:0556
RHSA-2008:0558 https://access.redhat.com/errata/RHSA-2008:0558
USN-643-1 https://usn.ubuntu.com/643-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-1806
Access Vector (AV): network; Access Complexity (AC): low; Authentication (Au): none; Confidentiality Impact (C): partial; Integrity Impact (I): partial; Availability Impact (A): partial
Exploit Prediction Scoring System (EPSS)
Percentile 0.89236
EPSS Score 0.02007
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.