CVE-2008-1806

EPSS 3.8%

freetype - multiple vulnerabilities

Published: 6/16/2008Modified: 3/9/2026

Also known as:DSA-1635-1DEBIAN-CVE-2008-1806DTSA-139-1

Description

Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.

Affected packages (3)

Debian/freetypefrom 0, < 2.3.6-1
Debian/freetypefrom 0, < 2.2.1-5+etch3
Debian/freetypefrom 0, < 2.3.5-1+lenny1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-1806