CVE-2008-1806

Name of the Vulnerable Software and Affected Versions freetype versions prior to 2.3.6

Description The issue concerns multiple vulnerabilities in the freetype package that can be exploited to compromise the confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. Specifically, an integer overflow in FreeType2 before version 2.3.6 allows attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, triggering a heap-based buffer overflow.

Recommendations For versions prior to 2.3.6, update to version 2.3.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of freetype until a patch is available. Avoid using freetype to process untrusted or crafted PFB files until the issue is resolved.