CVE-2008-1806
freetype - multiple vulnerabilities
EPSS 3.8%
Description
Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.
How to fix CVE-2008-1806
To remediate CVE-2008-1806, upgrade the affected package to a fixed version below.
- Debian/freetype—upgrade to 2.3.6-1 or later
- Debian/freetype—upgrade to 2.2.1-5+etch3 or later
- Debian/freetype—upgrade to 2.3.5-1+lenny1 or later
Is CVE-2008-1806 being exploited?
Low — EPSS is 3.8%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2.3.6-1
- from 0, < 2.2.1-5+etch3
- from 0, < 2.3.5-1+lenny1