Attachment #88159 for bug #124917

View | Details | Raw Unified | Return to bug 124917
Collapse All | Expand All





-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="8ae3e5bb-4186-11dd-8a7c-00304835b4b2">
    <topic>FreeType 2 -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>freetype2</name>
	<range><lt>2.3.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<blockquote cite="http://secunia.com/advisories/30600">
	  <ul>
	    <li>An integer overflow error exists in the processing of PFB font
	      files. This can be exploited to cause a heap-based buffer overflow
	      via a PFB file containing a specially crafted "Private" dictionary
	      table.</li>
	    <li>An error in the processing of PFB font files can be exploited to
	      trigger the "free()" of memory areas that are not allocated on the
	      heap.</li>
	    <li>An off-by-one error exists in the processing of PFB font files.
	      This can be exploited to cause a one-byte heap-based buffer 
	      overflow via a specially crafted PFB file.</li>
	    <li>An off-by-one error exists in the implementation of the "SHC"
	      instruction while processing TTF files. This can be exploited to 
	      cause a one-byte heap-based buffer overflow via a specially 
	      crafted TTF file.</li>
	  </ul>
	  <p>Successful exploitation of the vulnerabilities may allow execution
	    of arbitrary code.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>29637</bid>
      <bid>29639</bid>
      <bid>29640</bid>
      <bid>29641</bid>
      <cvename>CVE-2008-1806</cvename>
      <cvename>CVE-2008-1807</cvename>
      <cvename>CVE-2008-1808</cvename>
      <url>http://secunia.com/advisories/30600</url>
      <url>http://sourceforge.net/project/shownotes.php?release_id=605780</url>
      <url>http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715</url>
      <url>http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716</url>
      <url>http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717</url>
    </references>
    <dates>
      <discovery>2008-06-10</discovery>
      <entry>2008-06-23</entry>
    </dates>
  </vuln>

  <vuln vid="ee6fa2bd-406a-11dd-936a-0015af872849">
    <topic>php -- input validation error in posix_access function</topic>
    <affects>

Return to bug 124917

Lines 34-39 Link Here

(-)vuln.xml (+52 lines)
34		34
35	-->	35	-->
36	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	36	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		37	<vuln vid="8ae3e5bb-4186-11dd-8a7c-00304835b4b2">
		38	<topic>FreeType 2 -- Multiple Vulnerabilities</topic>
		39	<affects>
		40	<package>
		41	<name>freetype2</name>
		42	<range><lt>2.3.6</lt></range>
		43	</package>
		44	</affects>
		45	<description>
		46	<body xmlns="http://www.w3.org/1999/xhtml">
		47	<blockquote cite="http://secunia.com/advisories/30600">
		48	<ul>
		49	<li>An integer overflow error exists in the processing of PFB font
		50	files. This can be exploited to cause a heap-based buffer overflow
		51	via a PFB file containing a specially crafted "Private" dictionary
		52	table.</li>
		53	<li>An error in the processing of PFB font files can be exploited to
		54	trigger the "free()" of memory areas that are not allocated on the
		55	heap.</li>
		56	<li>An off-by-one error exists in the processing of PFB font files.
		57	This can be exploited to cause a one-byte heap-based buffer
		58	overflow via a specially crafted PFB file.</li>
		59	<li>An off-by-one error exists in the implementation of the "SHC"
		60	instruction while processing TTF files. This can be exploited to
		61	cause a one-byte heap-based buffer overflow via a specially
		62	crafted TTF file.</li>
		63	</ul>
		64	<p>Successful exploitation of the vulnerabilities may allow execution
		65	of arbitrary code.</p>
		66	</blockquote>
		67	</body>
		68	</description>
		69	<references>
		70	<bid>29637</bid>
		71	<bid>29639</bid>
		72	<bid>29640</bid>
		73	<bid>29641</bid>
		74	<cvename>CVE-2008-1806</cvename>
		75	<cvename>CVE-2008-1807</cvename>
		76	<cvename>CVE-2008-1808</cvename>
		77	<url>http://secunia.com/advisories/30600</url>
		78	<url>http://sourceforge.net/project/shownotes.php?release_id=605780</url>
		79	<url>http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715</url>
		80	<url>http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716</url>
		81	<url>http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717</url>
		82	</references>
		83	<dates>
		84	<discovery>2008-06-10</discovery>
		85	<entry>2008-06-23</entry>
		86	</dates>
		87	</vuln>
		88
37	<vuln vid="ee6fa2bd-406a-11dd-936a-0015af872849">	89	<vuln vid="ee6fa2bd-406a-11dd-936a-0015af872849">
38	<topic>php -- input validation error in posix_access function</topic>	90	<topic>php -- input validation error in posix_access function</topic>
39	<affects>	91	<affects>