CVE - CVE-2006-1861

CVE-ID
CVE-2006-1861	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1016522 URL:http://securitytracker.com/id?1016522 MISC:102705 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1~~ (Obsolete source) MISC:18034 URL:http://www.securityfocus.com/bid/18034 MISC:20060612 rPSA-2006-0100-1 freetype URL:http://www.securityfocus.com/archive/1/436836/100/0/threaded MISC:20060701-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U MISC:20100 URL:http://secunia.com/advisories/20100 MISC:20525 URL:http://secunia.com/advisories/20525 MISC:20591 URL:http://secunia.com/advisories/20591 MISC:20638 URL:http://secunia.com/advisories/20638 MISC:20791 URL:http://secunia.com/advisories/20791 MISC:21000 URL:http://secunia.com/advisories/21000 MISC:21062 URL:http://secunia.com/advisories/21062 MISC:21135 URL:http://secunia.com/advisories/21135 MISC:21385 URL:http://secunia.com/advisories/21385 MISC:21701 URL:http://secunia.com/advisories/21701 MISC:23939 URL:http://secunia.com/advisories/23939 MISC:27162 URL:http://secunia.com/advisories/27162 MISC:27167 URL:http://secunia.com/advisories/27167 MISC:27271 URL:http://secunia.com/advisories/27271 MISC:33937 URL:http://secunia.com/advisories/33937 MISC:35200 URL:http://secunia.com/advisories/35200 MISC:35204 URL:http://secunia.com/advisories/35204 MISC:35233 URL:http://secunia.com/advisories/35233 MISC:ADV-2006-1868 URL:~~http://www.vupen.com/english/advisories/2006/1868~~ (Obsolete source) MISC:ADV-2007-0381 URL:~~http://www.vupen.com/english/advisories/2007/0381~~ (Obsolete source) MISC:APPLE-SA-2009-02-12 URL:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html MISC:DSA-1095 URL:http://www.debian.org/security/2006/dsa-1095 MISC:FEDORA-2009-5558 URL:https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html MISC:FEDORA-2009-5644 URL:https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html MISC:GLSA-200607-02 URL:http://security.gentoo.org/glsa/glsa-200607-02.xml MISC:GLSA-200710-09 URL:http://www.gentoo.org/security/en/glsa/glsa-200710-09.xml MISC:MDKSA-2006:099 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:099~~ (Obsolete source) MISC:RHSA-2006:0500 URL:http://www.redhat.com/support/errata/RHSA-2006-0500.html MISC:RHSA-2009:0329 URL:http://www.redhat.com/support/errata/RHSA-2009-0329.html MISC:RHSA-2009:1062 URL:http://www.redhat.com/support/errata/RHSA-2009-1062.html MISC:SUSE-SA:2006:037 URL:http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html MISC:SUSE-SR:2007:021 URL:http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html MISC:USN-291-1 URL:https://usn.ubuntu.com/291-1/ MISC:freetype-lwfn-overflow(26553) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26553 MISC:http://sourceforge.net/project/shownotes.php?release_id=416463 URL:http://sourceforge.net/project/shownotes.php?release_id=416463 MISC:http://support.apple.com/kb/HT3438 URL:http://support.apple.com/kb/HT3438 MISC:http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm MISC:https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=128606 URL:https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=128606 MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593 URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593 MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593#c8 URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593#c8 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=502565 URL:https://bugzilla.redhat.com/show_bug.cgi?id=502565 MISC:https://issues.rpath.com/browse/RPL-429 URL:https://issues.rpath.com/browse/RPL-429 MISC:oval:org.mitre.oval:def:9124 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9124
Assigning CNA
Red Hat, Inc.
Date Record Created
20060419	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060419)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)