FreeBSD : FreeType 2 -- Multiple Vulnerabilities (4fb43b2f-46a9-11dd-9d38-00163e000016)

high Nessus Plugin ID 33419

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Secunia reports:

- An integer overflow error exists in the processing of PFB font files. This can be exploited to cause a heap-based buffer overflow via a PFB file containing a specially crafted 'Private' dictionary table.

- An error in the processing of PFB font files can be exploited to trigger the 'free()' of memory areas that are not allocated on the heap.

- An off-by-one error exists in the processing of PFB font files. This can be exploited to cause a one-byte heap-based buffer overflow via a specially crafted PFB file.

- An off-by-one error exists in the implementation of the 'SHC' instruction while processing TTF files. This can be exploited to cause a one-byte heap-based buffer overflow via a specially crafted TTF file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?cc3fe7c0

http://www.nessus.org/u?8013d3a4

Plugin Details

Severity: High

ID: 33419

File Name: freebsd_pkg_4fb43b2f46a911dd9d3800163e000016.nasl

Version: 1.18

Type: local

Published: 7/8/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freetype2, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 7/3/2008

Vulnerability Publication Date: 6/10/2008

Reference Information

CVE: CVE-2008-1806, CVE-2008-1807, CVE-2008-1808

BID: 29637, 29639, 29640, 29641

CWE: 189

Secunia: 30600