CVE - CVE-2006-1861

CVE-ID
CVE-2006-1861	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20060612 rPSA-2006-0100-1 freetype URL:http://www.securityfocus.com/archive/1/archive/1/436836/100/0/threaded CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=416463 CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593 CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593#c8 CONFIRM:https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=128606 CONFIRM:https://issues.rpath.com/browse/RPL-429 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=502565 CONFIRM:http://support.apple.com/kb/HT3438 APPLE:APPLE-SA-2009-02-12 URL:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html DEBIAN:DSA-1095 URL:http://www.debian.org/security/2006/dsa-1095 FEDORA:FEDORA-2009-5558 URL:https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html FEDORA:FEDORA-2009-5644 URL:https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html GENTOO:GLSA-200607-02 URL:http://security.gentoo.org/glsa/glsa-200607-02.xml GENTOO:GLSA-200710-09 URL:http://www.gentoo.org/security/en/glsa/glsa-200710-09.xml MANDRIVA:MDKSA-2006:099 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:099 REDHAT:RHSA-2006:0500 URL:http://www.redhat.com/support/errata/RHSA-2006-0500.html REDHAT:RHSA-2009:0329 URL:http://www.redhat.com/support/errata/RHSA-2009-0329.html REDHAT:RHSA-2009:1062 URL:http://www.redhat.com/support/errata/RHSA-2009-1062.html SGI:20060701-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U SUNALERT:102705 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1 SUSE:SUSE-SA:2006:037 URL:http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html SUSE:SUSE-SR:2007:021 URL:http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html UBUNTU:USN-291-1 URL:http://www.ubuntulinux.org/support/documentation/usn/usn-291-1 BID:18034 URL:http://www.securityfocus.com/bid/18034 OVAL:oval:org.mitre.oval:def:9124 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9124 SECUNIA:35200 URL:http://secunia.com/advisories/35200 SECUNIA:35204 URL:http://secunia.com/advisories/35204 SECUNIA:35233 URL:http://secunia.com/advisories/35233 VUPEN:ADV-2006-1868 URL:http://www.vupen.com/english/advisories/2006/1868 VUPEN:ADV-2007-0381 URL:http://www.vupen.com/english/advisories/2007/0381 SECTRACK:1016522 URL:http://securitytracker.com/id?1016522 SECUNIA:20100 URL:http://secunia.com/advisories/20100 SECUNIA:20525 URL:http://secunia.com/advisories/20525 SECUNIA:20591 URL:http://secunia.com/advisories/20591 SECUNIA:20638 URL:http://secunia.com/advisories/20638 SECUNIA:20791 URL:http://secunia.com/advisories/20791 SECUNIA:21000 URL:http://secunia.com/advisories/21000 SECUNIA:21062 URL:http://secunia.com/advisories/21062 SECUNIA:21135 URL:http://secunia.com/advisories/21135 SECUNIA:21385 URL:http://secunia.com/advisories/21385 SECUNIA:21701 URL:http://secunia.com/advisories/21701 SECUNIA:23939 URL:http://secunia.com/advisories/23939 SECUNIA:27162 URL:http://secunia.com/advisories/27162 SECUNIA:27167 URL:http://secunia.com/advisories/27167 SECUNIA:27271 URL:http://secunia.com/advisories/27271 SECUNIA:33937 URL:http://secunia.com/advisories/33937 XF:freetype-lwfn-overflow(26553) URL:http://xforce.iss.net/xforce/xfdb/26553
Date Entry Created
20060419	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060419)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures List and the associated references from this Web site are subject to the Terms of Use. For more information, please email cve@mitre.org.

CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2017, The MITRE Corporation. CVE and the CVE logo are registered trademarks and CVE-Compatible is a trademark of The MITRE Corporation.

Site Map
Privacy policy
Terms of use
Contact us