CVE - CVE-2006-1861

CVE-ID
CVE-2006-1861	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2009-02-12 URL:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html BID:18034 URL:http://www.securityfocus.com/bid/18034 BUGTRAQ:20060612 rPSA-2006-0100-1 freetype URL:http://www.securityfocus.com/archive/1/436836/100/0/threaded CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=416463 CONFIRM:http://support.apple.com/kb/HT3438 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm CONFIRM:https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=128606 CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593 CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593#c8 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=502565 CONFIRM:https://issues.rpath.com/browse/RPL-429 DEBIAN:DSA-1095 URL:http://www.debian.org/security/2006/dsa-1095 FEDORA:FEDORA-2009-5558 URL:https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html FEDORA:FEDORA-2009-5644 URL:https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html GENTOO:GLSA-200607-02 URL:http://security.gentoo.org/glsa/glsa-200607-02.xml GENTOO:GLSA-200710-09 URL:http://www.gentoo.org/security/en/glsa/glsa-200710-09.xml MANDRIVA:MDKSA-2006:099 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:099 OVAL:oval:org.mitre.oval:def:9124 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9124 REDHAT:RHSA-2006:0500 URL:http://www.redhat.com/support/errata/RHSA-2006-0500.html REDHAT:RHSA-2009:0329 URL:http://www.redhat.com/support/errata/RHSA-2009-0329.html REDHAT:RHSA-2009:1062 URL:http://www.redhat.com/support/errata/RHSA-2009-1062.html SECTRACK:1016522 URL:http://securitytracker.com/id?1016522 SECUNIA:20100 URL:http://secunia.com/advisories/20100 SECUNIA:20525 URL:http://secunia.com/advisories/20525 SECUNIA:20591 URL:http://secunia.com/advisories/20591 SECUNIA:20638 URL:http://secunia.com/advisories/20638 SECUNIA:20791 URL:http://secunia.com/advisories/20791 SECUNIA:21000 URL:http://secunia.com/advisories/21000 SECUNIA:21062 URL:http://secunia.com/advisories/21062 SECUNIA:21135 URL:http://secunia.com/advisories/21135 SECUNIA:21385 URL:http://secunia.com/advisories/21385 SECUNIA:21701 URL:http://secunia.com/advisories/21701 SECUNIA:23939 URL:http://secunia.com/advisories/23939 SECUNIA:27162 URL:http://secunia.com/advisories/27162 SECUNIA:27167 URL:http://secunia.com/advisories/27167 SECUNIA:27271 URL:http://secunia.com/advisories/27271 SECUNIA:33937 URL:http://secunia.com/advisories/33937 SECUNIA:35200 URL:http://secunia.com/advisories/35200 SECUNIA:35204 URL:http://secunia.com/advisories/35204 SECUNIA:35233 URL:http://secunia.com/advisories/35233 SGI:20060701-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U SUNALERT:102705 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1 SUSE:SUSE-SA:2006:037 URL:http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html SUSE:SUSE-SR:2007:021 URL:http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html UBUNTU:USN-291-1 URL:https://usn.ubuntu.com/291-1/ VUPEN:ADV-2006-1868 URL:http://www.vupen.com/english/advisories/2006/1868 VUPEN:ADV-2007-0381 URL:http://www.vupen.com/english/advisories/2007/0381 XF:freetype-lwfn-overflow(26553) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26553
Assigning CNA
Red Hat, Inc.
Date Record Created
20060419	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060419)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)