製品・ソフトウェアに関する情報

JVN脆弱性詳細

FreeType2 におけるヒープベースのバッファオーバーフローの脆弱性

Title	FreeType2 におけるヒープベースのバッファオーバーフローの脆弱性
Summary	FreeType2 には、Printer Font Binary (PFB) ファイルの処理に不備が存在するため、ヒープベースのバッファオーバーフローの脆弱性が存在します。
Possible impacts	悪意あるユーザにより、巧妙に作られた Printer Font Binary (PFB) ファイルを処理した際に、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 17, 2008, midnight
Registration Date	July 11, 2008, 2:34 p.m.
Last Update	Oct. 19, 2010, 3:15 p.m.

CVSS2.0 : 危険
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected System

サン・マイクロシステムズ

OpenSolaris (sparc)

OpenSolaris (x86)

Sun Solaris 10 (sparc)

Sun Solaris 10 (x86)

Sun Solaris 8 (sparc)

Sun Solaris 8 (x86)

Sun Solaris 9 (sparc)

Sun Solaris 9 (x86)

レッドハット

Red Hat Enterprise Linux 2.1 (as)

Red Hat Enterprise Linux 2.1 (es)

Red Hat Enterprise Linux 2.1 (ws)

Red Hat Enterprise Linux 3 (as)

Red Hat Enterprise Linux 3 (es)

Red Hat Enterprise Linux 3 (ws)

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 3.0

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Linux Advanced Workstation 2.1

RHEL Desktop Workstation 5 (client)

ターボリナックス

Turbolinux Appliance Server 3.0 (x64)

Turbolinux Appliance Server 3.0

Turbolinux Client 2008

Turbolinux Server 11

Turbolinux Server 11 (x64)

サイバートラスト株式会社

Asianux Server 2.0

Asianux Server 2.1

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

Asianux Server 3.0

Asianux Server 3.0 (x86-64)

Asianux Server 4.0

Asianux Server 4.0 (x86-64)

アップル

Apple Mac OS X v10.4.11

Apple Mac OS X Server v10.4.11

iPhone v1.0 から v2.0.2

iPod touch v1.1 から v2.0.2

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-1806	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1806
National Vulnerability Database (NVD)
2	CVE-2008-1806	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1806

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-189	https://jvndb.jvn.jp/ja/cwe/CWE-189.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT3026	http://support.apple.com/kb/HT3026
2	HT3129	http://support.apple.com/kb/HT3129
3	HT3438	http://support.apple.com/kb/HT3438
Apple セキュリティアップデート
4	HT3026	http://support.apple.com/kb/HT3026?viewlocale=ja_JP
5	HT3129	http://support.apple.com/kb/HT3129?viewlocale=ja_JP
6	HT3438	http://support.apple.com/kb/HT3438?viewlocale=ja_JP
Asianux Technical Support Network
7	freetype-2.2.1-20.1AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=133
MIRACLE LINUX アップデート情報
8	1289	http://www.miraclelinux.com/update/linux/list.php?errata_id=1289
9	1326	http://www.miraclelinux.com/update/linux/list.php?errata_id=1326
Red Hat Security Advisory
10	RHSA-2008:0556	https://rhn.redhat.com/errata/RHSA-2008-0556.html
11	RHSA-2008:0558	https://rhn.redhat.com/errata/RHSA-2008-0558.html
Sun Alert Notification
12	239006	http://sunsolve.sun.com/search/document.do?assetkey=1-66-239006-1
Turbolinux Security Advisory
13	TLSA-2010-34	http://www.turbolinux.co.jp/security/2010/TLSA-2010-34j.txt
レッドハットセキュリティーアップデート
14	RHSA-2008:0556	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0556J.html
15	RHSA-2008:0558	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0558J.html

その他

No	Name	URL
FrSIRT Advisories
1	FrSIRT/ADV-2008-1794	http://www.frsirt.com/english/advisories/2008/1794
Secunia Advisory
2	SA30600	http://secunia.com/advisories/30600/

Change Log

No	Changed Details	Date of change
0	[2008年07月11日] 掲載 [2008年08月08日] 影響を受けるシステム：ミラクル・リナックス（freetype-2.2.1-20.1AXS3）を追加ベンダ情報：ミラクル・リナックス（freetype-2.2.1-20.1AXS3）を追加 [2008年09月25日] 影響を受けるシステム：アップルの情報を追加・HT3026 ・HT3129 ベンダ情報: アップルを追加・HT3026 ・HT3129 [2008年11月05日] 影響を受けるシステム：ミラクル・リナックス（1326）の情報を追加ベンダ情報：ミラクル・リナックス（1326）を追加 [2009年03月12日] 影響を受けるシステム：アップル (HT3438) の情報を追加ベンダ情報：アップル (HT3438) を追加 [2010年10月19日] 影響を受けるシステム：ターボリナックス (TLSA-2010-34) の情報を追加ベンダ情報：ターボリナックス (TLSA-2010-34) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2008-1806

Summary	Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.
Publication Date	June 17, 2008, 4:41 a.m.
Registration Date	Jan. 29, 2021, 1:35 p.m.
Last Update	Oct. 12, 2018, 5:36 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:freetype:freetype:1.3.1:::::::*
cpe:2.3:a:freetype:freetype:2.3.3:::::::*
cpe:2.3:a:freetype:freetype:2.3.4:::::::*
cpe:2.3:a:freetype:freetype:2.3.5:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715	IDEFENSE
2	http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html	APPLE
3	http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html	APPLE
4	http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html	APPLE
5	http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html	FULLDISC
6	http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html	SUSE
7	http://secunia.com/advisories/30600	SECUNIA	Vendor Advisory
8	http://secunia.com/advisories/30721	SECUNIA
9	http://secunia.com/advisories/30740	SECUNIA
10	http://secunia.com/advisories/30766	SECUNIA
11	http://secunia.com/advisories/30819	SECUNIA
12	http://secunia.com/advisories/30821	SECUNIA
13	http://secunia.com/advisories/30967	SECUNIA
14	http://secunia.com/advisories/31479	SECUNIA
15	http://secunia.com/advisories/31577	SECUNIA
16	http://secunia.com/advisories/31707	SECUNIA
17	http://secunia.com/advisories/31709	SECUNIA
18	http://secunia.com/advisories/31711	SECUNIA
19	http://secunia.com/advisories/31712	SECUNIA
20	http://secunia.com/advisories/31823	SECUNIA
21	http://secunia.com/advisories/31856	SECUNIA
22	http://secunia.com/advisories/31900	SECUNIA
23	http://secunia.com/advisories/33937	SECUNIA
24	http://security.gentoo.org/glsa/glsa-200806-10.xml	GENTOO
25	http://security.gentoo.org/glsa/glsa-201209-25.xml	GENTOO
26	http://securitytracker.com/id?1020238	SECTRACK
27	http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780	MISC
28	http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1	SUNALERT
29	http://support.apple.com/kb/HT3026	CONFIRM
30	http://support.apple.com/kb/HT3129	CONFIRM
31	http://support.apple.com/kb/HT3438	CONFIRM
32	http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm	CONFIRM
33	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255	CONFIRM
34	http://www.mandriva.com/security/advisories?name=MDVSA-2008:121	MANDRIVA
35	http://www.redhat.com/support/errata/RHSA-2008-0556.html	REDHAT
36	http://www.redhat.com/support/errata/RHSA-2008-0558.html	REDHAT
37	http://www.securityfocus.com/archive/1/495497/100/0/threaded	BUGTRAQ
38	http://www.securityfocus.com/archive/1/495869/100/0/threaded	BUGTRAQ
39	http://www.securityfocus.com/bid/29640	BID	Patch
40	http://www.ubuntu.com/usn/usn-643-1	UBUNTU
41	http://www.vmware.com/security/advisories/VMSA-2008-0014.html	CONFIRM
42	http://www.vmware.com/support/player/doc/releasenotes_player.html	CONFIRM
43	http://www.vmware.com/support/player2/doc/releasenotes_player2.html	CONFIRM
44	http://www.vmware.com/support/server/doc/releasenotes_server.html	CONFIRM
45	http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html	CONFIRM
46	http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html	CONFIRM
47	http://www.vupen.com/english/advisories/2008/1794	VUPEN
48	http://www.vupen.com/english/advisories/2008/1876/references	VUPEN
49	http://www.vupen.com/english/advisories/2008/2423	VUPEN
50	http://www.vupen.com/english/advisories/2008/2466	VUPEN
51	http://www.vupen.com/english/advisories/2008/2525	VUPEN
52	http://www.vupen.com/english/advisories/2008/2558	VUPEN
53	https://issues.rpath.com/browse/RPL-2608	CONFIRM
54	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9321	OVAL
55	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html	FEDORA
56	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html	FEDORA

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html