PT-2008-1133 · Freetype+1 · Freetype2+1
Published 2008-06-16 · Updated 2021-01-26 · CVE-2008-1808
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
FreeType2 versions prior to 2.3.6
Description
The issue involves multiple off-by-one errors that can be exploited by context-dependent attackers to execute arbitrary code. This can be achieved through a crafted table in a Printer Font Binary (PFB) file or a crafted SHC instruction in a TrueType Font (TTF) file, leading to a heap-based buffer overflow. The exploitation of these vulnerabilities may compromise the confidentiality, integrity, and availability of protected information and can be performed remotely.
Recommendations
For FreeType2 versions prior to 2.3.6, update to version 2.3.6 or later to resolve the issue.
As a temporary workaround, consider restricting the use of PFB and TTF files from untrusted sources until a patch is applied.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Freetype2
Red Hat