CVE-2006-3467

Description

Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861.

References

ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html

http://lists.suse.com/archive/suse-security-announce/2006-Aug/0002.html

http://secunia.com/advisories/21062

http://secunia.com/advisories/21135

http://secunia.com/advisories/21144

http://secunia.com/advisories/21232

http://secunia.com/advisories/21285

http://secunia.com/advisories/21566

http://secunia.com/advisories/21567

http://secunia.com/advisories/21606

http://secunia.com/advisories/21626

http://secunia.com/advisories/21701

http://secunia.com/advisories/21793

http://secunia.com/advisories/21798

http://secunia.com/advisories/21836

http://secunia.com/advisories/22027

http://secunia.com/advisories/22332

http://secunia.com/advisories/22875

http://secunia.com/advisories/22907

http://secunia.com/advisories/23400

http://secunia.com/advisories/23939

http://secunia.com/advisories/27271

http://secunia.com/advisories/33937

http://security.gentoo.org/glsa/glsa-200609-04.xml

http://securitytracker.com/id?1016522

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1

http://support.apple.com/kb/HT3438

http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-186.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-284.htm

http://www.debian.org/security/2006/dsa-1178

http://www.debian.org/security/2006/dsa-1193

http://www.mandriva.com/security/advisories?name=MDKSA-2006:129

http://www.mandriva.com/security/advisories?name=MDKSA-2006:148

http://www.redhat.com/support/errata/RHSA-2006-0500.html

http://www.redhat.com/support/errata/RHSA-2006-0634.html

http://www.redhat.com/support/errata/RHSA-2006-0635.html

http://www.securityfocus.com/archive/1/444318/100/0/threaded

http://www.securityfocus.com/archive/1/451404/100/0/threaded

http://www.securityfocus.com/archive/1/451417/100/200/threaded

http://www.securityfocus.com/archive/1/451419/100/200/threaded

http://www.securityfocus.com/archive/1/451426/100/200/threaded

http://www.trustix.org/errata/2006/0052/

http://www.ubuntu.com/usn/usn-324-1

http://www.ubuntu.com/usn/usn-341-1

http://www.vmware.com/download/esx/esx-202-200610-patch.html

http://www.vmware.com/download/esx/esx-213-200610-patch.html

http://www.vmware.com/download/esx/esx-254-200610-patch.html

http://www.vupen.com/english/advisories/2006/4502

http://www.vupen.com/english/advisories/2006/4522

http://www.vupen.com/english/advisories/2007/0381

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10673

Details

Source: MITRE

Published: 2006-07-21

Updated: 2018-10-18

Type: CWE-189

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* versions up to 2.1 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 130510 | Solaris 10 (x86) : 119060-73 | Nessus | Solaris Local Security Checks | high |
| 130508 | Solaris 10 (sparc) : 119059-74 | Nessus | Solaris Local Security Checks | high |
| 107806 | Solaris 10 (x86) : 119060-71 | Nessus | Solaris Local Security Checks | high |
| 107805 | Solaris 10 (x86) : 119060-70 | Nessus | Solaris Local Security Checks | high |
| 107804 | Solaris 10 (x86) : 119060-69 | Nessus | Solaris Local Security Checks | high |
| 107803 | Solaris 10 (x86) : 119060-68 | Nessus | Solaris Local Security Checks | high |
| 107802 | Solaris 10 (x86) : 119060-65 | Nessus | Solaris Local Security Checks | high |
| 107801 | Solaris 10 (x86) : 119060-64 | Nessus | Solaris Local Security Checks | high |
| 107304 | Solaris 10 (sparc) : 119059-72 | Nessus | Solaris Local Security Checks | high |
| 107303 | Solaris 10 (sparc) : 119059-71 | Nessus | Solaris Local Security Checks | high |
| 107302 | Solaris 10 (sparc) : 119059-70 | Nessus | Solaris Local Security Checks | high |
| 107301 | Solaris 10 (sparc) : 119059-69 | Nessus | Solaris Local Security Checks | high |
| 107300 | Solaris 10 (sparc) : 119059-66 | Nessus | Solaris Local Security Checks | high |
| 107299 | Solaris 10 (sparc) : 119059-65 | Nessus | Solaris Local Security Checks | high |
| 82537 | Solaris 10 (x86) : 119060-45 | Nessus | Solaris Local Security Checks | high |
| 82536 | Solaris 10 (sparc) : 119059-46 | Nessus | Solaris Local Security Checks | high |
| 35684 | Mac OS X Multiple Vulnerabilities (Security Update 2009-001) | Nessus | MacOS X Local Security Checks | critical |
| 29436 | SuSE 10 Security Update : freetype2 (ZYPP Patch Number 1918) | Nessus | SuSE Local Security Checks | high |
| 27920 | Ubuntu 5.04 / 5.10 / 6.06 LTS : libxfont, xorg vulnerability (USN-341-1) | Nessus | Ubuntu Local Security Checks | high |
| 27902 | Ubuntu 5.04 / 5.10 / 6.06 LTS : freetype vulnerability (USN-324-1) | Nessus | Ubuntu Local Security Checks | high |
| 27510 | openSUSE 10 Security Update : NX (NX-4555) | Nessus | SuSE Local Security Checks | high |
| 27225 | openSUSE 10 Security Update : freetype2 (freetype2-1910) | Nessus | SuSE Local Security Checks | high |
| 24862 | Solaris 9 (x86) : 124833-02 | Nessus | Solaris Local Security Checks | high |
| 23895 | Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:148) | Nessus | Mandriva Local Security Checks | high |
| 23880 | Mandrake Linux Security Advisory : freetype2 (MDKSA-2006:129) | Nessus | Mandriva Local Security Checks | high |
| 22985 | Solaris 10 (x86) : 119060-72 (deprecated) | Nessus | Solaris Local Security Checks | high |
| 22952 | Solaris 10 (sparc) : 119059-73 (deprecated) | Nessus | Solaris Local Security Checks | high |
| 22734 | Debian DSA-1193-1 : xfree86 - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 22720 | Debian DSA-1178-1 : freetype - integer overflow | Nessus | Debian Local Security Checks | high |
| 22503 | FreeBSD : freetype -- LWFN Files Buffer Overflow Vulnerability (b975763f-5210-11db-8f1a-000a48049292) | Nessus | FreeBSD Local Security Checks | high |
| 22326 | GLSA-200609-04 : LibXfont: Multiple integer overflows | Nessus | Gentoo Local Security Checks | high |
| 22281 | CentOS 4 : xorg-x11 (CESA-2006:0634) | Nessus | CentOS Local Security Checks | high |
| 22266 | RHEL 2.1 / 3 : XFree86 (RHSA-2006:0635) | Nessus | Red Hat Local Security Checks | high |
| 22265 | RHEL 4 : xorg-x11 (RHSA-2006:0634) | Nessus | Red Hat Local Security Checks | high |
| 22258 | CentOS 3 : XFree86 (CESA-2006:0635) | Nessus | CentOS Local Security Checks | high |
| 22068 | RHEL 2.1 / 3 / 4 : freetype (RHSA-2006:0500) | Nessus | Red Hat Local Security Checks | high |
| 22064 | CentOS 3 / 4 : freetype (CESA-2006:0500) | Nessus | CentOS Local Security Checks | high |