CVE-2008-1807

Name of the Vulnerable Software and Affected Versions freetype versions prior to 2.3.6

Description The issue concerns multiple vulnerabilities in the freetype package that can be exploited to compromise the confidentiality, integrity, and availability of protected information. Exploitation can be achieved remotely. Specifically, it allows context-dependent attackers to execute arbitrary code via an invalid number of axes field in a Printer Font Binary (PFB) file, leading to memory corruption by freeing arbitrary memory locations.

Recommendations For versions prior to 2.3.6, update to version 2.3.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of freetype until a patch is applied. Avoid using freetype to process untrusted PFB files until the issue is resolved.