CVE-2008-1807
EPSS 5.9%
Description
FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.
How to fix CVE-2008-1807
To remediate CVE-2008-1807, upgrade the affected package to a fixed version below.
- Debian/freetype—upgrade to 2.3.6-1 or later
Is CVE-2008-1807 being exploited?
Moderate — EPSS is 5.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 2.3.6-1