製品・ソフトウェアに関する情報

JVN脆弱性詳細

FreeType2 における一つずれエラーの脆弱性

Title	FreeType2 における一つずれエラーの脆弱性
Summary	FreeType2 には、Printer Font Binary (PFB) ファイルおよび TrueType フォント(TTF) ファイルの処理に不備が存在するため、一つずれ (off-by-one) エラーによるヒープベースのバッファオーバーフローの脆弱性が存在します。
Possible impacts	Printer Font Binary (PFB) ファイルおよび TrueType フォント(TTF) ファイル処理に不備が存在するため、ヒープベースのバッファオーバーフローが起きる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 17, 2008, midnight
Registration Date	July 11, 2008, 2:35 p.m.
Last Update	Oct. 19, 2010, 3:15 p.m.

CVSS2.0 : 危険
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected System

サン・マイクロシステムズ

OpenSolaris (sparc)

OpenSolaris (x86)

Sun Solaris 10 (sparc)

Sun Solaris 10 (x86)

Sun Solaris 8 (sparc)

Sun Solaris 8 (x86)

Sun Solaris 9 (sparc)

Sun Solaris 9 (x86)

レッドハット

Red Hat Enterprise Linux 2.1 (as)

Red Hat Enterprise Linux 2.1 (es)

Red Hat Enterprise Linux 2.1 (ws)

Red Hat Enterprise Linux 3 (as)

Red Hat Enterprise Linux 3 (es)

Red Hat Enterprise Linux 3 (ws)

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 4.8 (as)

Red Hat Enterprise Linux 4.8 (es)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 3.0

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Linux Advanced Workstation 2.1

RHEL Desktop Workstation 5 (client)

ターボリナックス

Turbolinux Appliance Server 3.0

Turbolinux Appliance Server 3.0 (x64)

Turbolinux Client 2008

Turbolinux Server 11

Turbolinux Server 11 (x64)

サイバートラスト株式会社

Asianux Server 2.0

Asianux Server 2.1

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

Asianux Server 3.0

Asianux Server 3.0 (x86-64)

Asianux Server 4.0

Asianux Server 4.0 (x86-64)

アップル

Apple Mac OS X v10.4.11

Apple Mac OS X Server v10.4.11

iPhone v1.0 から v2.0.2

iPod touch v1.1 から v2.0.2

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-1808	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1808
National Vulnerability Database (NVD)
2	CVE-2008-1808	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1808

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-189	https://jvndb.jvn.jp/ja/cwe/CWE-189.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT3026	http://support.apple.com/kb/HT3026
2	HT3129	http://support.apple.com/kb/HT3129
3	HT3438	http://support.apple.com/kb/HT3438
Apple セキュリティアップデート
4	HT3026	http://support.apple.com/kb/HT3026?viewlocale=ja_JP
5	HT3129	http://support.apple.com/kb/HT3129?viewlocale=ja_JP
6	HT3438	http://support.apple.com/kb/HT3438?viewlocale=ja_JP
Asianux Technical Support Network
7	freetype-2.2.1-20.1AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=133
MIRACLE LINUX アップデート情報
8	1289	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1289
9	1326	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1326
10	1726	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1726
Red Hat Security Advisory
11	RHSA-2008:0556	https://rhn.redhat.com/errata/RHSA-2008-0556.html
12	RHSA-2008:0558	https://rhn.redhat.com/errata/RHSA-2008-0558.html
13	RHSA-2009:0329	https://rhn.redhat.com/errata/RHSA-2009-0329.html
Sun Alert Notification
14	239006	http://sunsolve.sun.com/search/document.do?assetkey=1-66-239006-1
Turbolinux Security Advisory
15	TLSA-2010-34	http://www.turbolinux.co.jp/security/2010/TLSA-2010-34j.txt
レッドハットセキュリティーアップデート
16	RHSA-2008:0556	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0556J.html
17	RHSA-2008:0558	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0558J.html
18	RHSA-2009:0329	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-0329J.html

その他

No	Name	URL
FrSIRT Advisories
1	FrSIRT/ADV-2008-1794	http://www.frsirt.com/english/advisories/2008/1794
Secunia Advisory
2	SA30600	http://secunia.com/advisories/30600/

Change Log

No	Changed Details	Date of change
0	[2008年07月11日] 掲載 [2008年08月08日] 影響を受けるシステム：ミラクル・リナックス（freetype-2.2.1-20.1AXS3）を追加ベンダ情報：ミラクル・リナックス（freetype-2.2.1-20.1AXS3）を追加 [2008年09月25日] 影響を受けるシステム：アップルの情報を追加・HT3026 ・HT3129 ベンダ情報: アップルを追加・HT3026 ・HT3129 [2008年11月05日] 影響を受けるシステム：ミラクル・リナックス（1326）の情報を追加ベンダ情報：ミラクル・リナックス（1326）を追加 [2009年03月12日] 影響を受けるシステム：アップル (HT3438) の情報を追加ベンダ情報：アップル (HT3438) を追加 [2009年07月01日] 影響を受けるシステム：レッドハット (RHSA-2009:0329) の情報を追加ベンダ情報：ミラクル・リナックス (1726) を追加ベンダ情報：レッドハット (RHSA-2009:0329) を追加 [2010年10月19日] 影響を受けるシステム：ターボリナックス (TLSA-2010-34) の情報を追加ベンダ情報：ターボリナックス (TLSA-2010-34) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2008-1808

Summary	Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.
Publication Date	June 17, 2008, 4:41 a.m.
Registration Date	Jan. 27, 2021, 12:09 p.m.
Last Update	Jan. 26, 2021, 9:41 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:freetype:freetype:1.3.1:::::::*
cpe:2.3:a:freetype:freetype:2.0.6:::::::*
cpe:2.3:a:freetype:freetype:2.0.9:::::::*
cpe:2.3:a:freetype:freetype:2.1.7:::::::*
cpe:2.3:a:freetype:freetype:2.1.9:::::::*
cpe:2.3:a:freetype:freetype:2.1.10:::::::*
cpe:2.3:a:freetype:freetype:2.2.0:::::::*
cpe:2.3:a:freetype:freetype:2.2.1:::::::*
cpe:2.3:a:freetype:freetype:2.2.10:::::::*
cpe:2.3:a:freetype:freetype:2.3.3:::::::*
cpe:2.3:a:freetype:freetype:2.3.4:::::::*
cpe:2.3:a:freetype:freetype:2.3.5:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717	IDEFENSE
2	http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html	APPLE
3	http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html	APPLE
4	http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html	APPLE
5	http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html	FULLDISC
6	http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html	SUSE
7	http://secunia.com/advisories/30600	SECUNIA	Vendor Advisory
8	http://secunia.com/advisories/30721	SECUNIA
9	http://secunia.com/advisories/30740	SECUNIA
10	http://secunia.com/advisories/30766	SECUNIA
11	http://secunia.com/advisories/30819	SECUNIA
12	http://secunia.com/advisories/30821	SECUNIA
13	http://secunia.com/advisories/30967	SECUNIA
14	http://secunia.com/advisories/31479	SECUNIA
15	http://secunia.com/advisories/31577	SECUNIA
16	http://secunia.com/advisories/31707	SECUNIA
17	http://secunia.com/advisories/31709	SECUNIA
18	http://secunia.com/advisories/31711	SECUNIA
19	http://secunia.com/advisories/31712	SECUNIA
20	http://secunia.com/advisories/31823	SECUNIA
21	http://secunia.com/advisories/31856	SECUNIA
22	http://secunia.com/advisories/31900	SECUNIA
23	http://secunia.com/advisories/33937	SECUNIA
24	http://secunia.com/advisories/35204	SECUNIA
25	http://security.gentoo.org/glsa/glsa-200806-10.xml	GENTOO
26	http://security.gentoo.org/glsa/glsa-201209-25.xml	GENTOO
27	http://securitytracker.com/id?1020240	SECTRACK
28	http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780	MISC
29	http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1	SUNALERT
30	http://support.apple.com/kb/HT3026	CONFIRM
31	http://support.apple.com/kb/HT3129	CONFIRM
32	http://support.apple.com/kb/HT3438	CONFIRM
33	http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm	CONFIRM
34	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255	CONFIRM
35	http://www.mandriva.com/security/advisories?name=MDVSA-2008:121	MANDRIVA
36	http://www.redhat.com/support/errata/RHSA-2008-0556.html	REDHAT
37	http://www.redhat.com/support/errata/RHSA-2008-0558.html	REDHAT
38	http://www.redhat.com/support/errata/RHSA-2009-0329.html	REDHAT
39	http://www.securityfocus.com/archive/1/495497/100/0/threaded	BUGTRAQ
40	http://www.securityfocus.com/archive/1/495869/100/0/threaded	BUGTRAQ
41	http://www.securityfocus.com/bid/29637	BID	Patch
42	http://www.securityfocus.com/bid/29639	BID	Patch
43	http://www.ubuntu.com/usn/usn-643-1	UBUNTU
44	http://www.vmware.com/security/advisories/VMSA-2008-0014.html	CONFIRM
45	http://www.vmware.com/support/player/doc/releasenotes_player.html	CONFIRM
46	http://www.vmware.com/support/player2/doc/releasenotes_player2.html	CONFIRM
47	http://www.vmware.com/support/server/doc/releasenotes_server.html	CONFIRM
48	http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html	CONFIRM
49	http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html	CONFIRM
50	http://www.vupen.com/english/advisories/2008/1794	VUPEN
51	http://www.vupen.com/english/advisories/2008/1876/references	VUPEN
52	http://www.vupen.com/english/advisories/2008/2423	VUPEN
53	http://www.vupen.com/english/advisories/2008/2466	VUPEN
54	http://www.vupen.com/english/advisories/2008/2525	VUPEN
55	http://www.vupen.com/english/advisories/2008/2558	VUPEN
56	https://issues.rpath.com/browse/RPL-2608	CONFIRM
57	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11188	OVAL
58	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html	FEDORA
59	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html	FEDORA

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:freetype:freetype:1.3.1:::::::*
cpe:2.3:a:freetype:freetype:2.0.6:::::::*
cpe:2.3:a:freetype:freetype:2.0.9:::::::*
cpe:2.3:a:freetype:freetype:2.1.7:::::::*
cpe:2.3:a:freetype:freetype:2.1.9:::::::*
cpe:2.3:a:freetype:freetype:2.1.10:::::::*
cpe:2.3:a:freetype:freetype:2.2.0:::::::*
cpe:2.3:a:freetype:freetype:2.2.1:::::::*
cpe:2.3:a:freetype:freetype:2.2.10:::::::*
cpe:2.3:a:freetype:freetype:2.3.3:::::::*
cpe:2.3:a:freetype:freetype:2.3.4:::::::*
cpe:2.3:a:freetype:freetype:2.3.5:::::::*