CVE - CVE-2006-3739

CVE-ID
CVE-2006-3739	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1016828 URL:http://securitytracker.com/id?1016828 MISC:102714 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102714-1~~ (Obsolete source) MISC:102780 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1~~ (Obsolete source) MISC:19974 URL:http://www.securityfocus.com/bid/19974 MISC:20060912 Multiple Vendor X Server CID-keyed Fonts 'CIDAFM()' Integer Overflow Vulnerability URL:http://www.idefense.com/intelligence/vulnerabilities/display.php?id=412 MISC:20060912 rPSA-2006-0167-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs URL:http://www.securityfocus.com/archive/1/445812/100/0/threaded MISC:20070330 VMSA-2007-0002 VMware ESX security updates URL:http://www.securityfocus.com/archive/1/464268/100/0/threaded MISC:21864 URL:http://secunia.com/advisories/21864 MISC:21889 URL:http://secunia.com/advisories/21889 MISC:21890 URL:http://secunia.com/advisories/21890 MISC:21894 URL:http://secunia.com/advisories/21894 MISC:21900 URL:http://secunia.com/advisories/21900 MISC:21904 URL:http://secunia.com/advisories/21904 MISC:21908 URL:http://secunia.com/advisories/21908 MISC:21924 URL:http://secunia.com/advisories/21924 MISC:22080 URL:http://secunia.com/advisories/22080 MISC:22141 URL:http://secunia.com/advisories/22141 MISC:22332 URL:http://secunia.com/advisories/22332 MISC:22560 URL:http://secunia.com/advisories/22560 MISC:23033 URL:http://secunia.com/advisories/23033 MISC:23899 URL:http://secunia.com/advisories/23899 MISC:24636 URL:http://secunia.com/advisories/24636 MISC:ADV-2006-3581 URL:~~http://www.vupen.com/english/advisories/2006/3581~~ (Obsolete source) MISC:ADV-2006-3582 URL:~~http://www.vupen.com/english/advisories/2006/3582~~ (Obsolete source) MISC:ADV-2007-0322 URL:~~http://www.vupen.com/english/advisories/2007/0322~~ (Obsolete source) MISC:ADV-2007-1171 URL:~~http://www.vupen.com/english/advisories/2007/1171~~ (Obsolete source) MISC:DSA-1193 URL:http://www.debian.org/security/2006/dsa-1193 MISC:GLSA-200609-07 URL:http://security.gentoo.org/glsa/glsa-200609-07.xml MISC:MDKSA-2006:164 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:164~~ (Obsolete source) MISC:RHSA-2006:0665 URL:http://www.redhat.com/support/errata/RHSA-2006-0665.html MISC:RHSA-2006:0666 URL:http://www.redhat.com/support/errata/RHSA-2006-0666.html MISC:SUSE-SR:2006:023 URL:http://www.novell.com/linux/security/advisories/2006_23_sr.html MISC:USN-344-1 URL:http://www.ubuntu.com/usn/usn-344-1 MISC:http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm MISC:http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm MISC:http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html URL:http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html MISC:https://issues.rpath.com/browse/RPL-614 URL:https://issues.rpath.com/browse/RPL-614 MISC:oval:org.mitre.oval:def:10305 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10305 MISC:xorg-server-cidafm-overflow(28899) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/28899
Assigning CNA
Red Hat, Inc.
Date Record Created
20060720	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060720)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)