CVE-2006-3467

HIGH

Description

Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861.

References

ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html

http://lists.suse.com/archive/suse-security-announce/2006-Aug/0002.html

http://secunia.com/advisories/21062

http://secunia.com/advisories/21135

http://secunia.com/advisories/21144

http://secunia.com/advisories/21232

http://secunia.com/advisories/21285

http://secunia.com/advisories/21566

http://secunia.com/advisories/21567

http://secunia.com/advisories/21606

http://secunia.com/advisories/21626

http://secunia.com/advisories/21701

http://secunia.com/advisories/21793

http://secunia.com/advisories/21798

http://secunia.com/advisories/21836

http://secunia.com/advisories/22027

http://secunia.com/advisories/22332

http://secunia.com/advisories/22875

http://secunia.com/advisories/22907

http://secunia.com/advisories/23400

http://secunia.com/advisories/23939

http://secunia.com/advisories/27271

http://secunia.com/advisories/33937

http://security.gentoo.org/glsa/glsa-200609-04.xml

http://securitytracker.com/id?1016522

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1

http://support.apple.com/kb/HT3438

http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-186.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-284.htm

http://www.debian.org/security/2006/dsa-1178

http://www.debian.org/security/2006/dsa-1193

http://www.mandriva.com/security/advisories?name=MDKSA-2006:129

http://www.mandriva.com/security/advisories?name=MDKSA-2006:148

http://www.redhat.com/support/errata/RHSA-2006-0500.html

http://www.redhat.com/support/errata/RHSA-2006-0634.html

http://www.redhat.com/support/errata/RHSA-2006-0635.html

http://www.securityfocus.com/archive/1/444318/100/0/threaded

http://www.securityfocus.com/archive/1/451404/100/0/threaded

http://www.securityfocus.com/archive/1/451417/100/200/threaded

http://www.securityfocus.com/archive/1/451419/100/200/threaded

http://www.securityfocus.com/archive/1/451426/100/200/threaded

http://www.trustix.org/errata/2006/0052/

http://www.ubuntu.com/usn/usn-324-1

http://www.ubuntu.com/usn/usn-341-1

http://www.vmware.com/download/esx/esx-202-200610-patch.html

http://www.vmware.com/download/esx/esx-213-200610-patch.html

http://www.vmware.com/download/esx/esx-254-200610-patch.html

http://www.vupen.com/english/advisories/2006/4502

http://www.vupen.com/english/advisories/2006/4522

http://www.vupen.com/english/advisories/2007/0381

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10673

Details

Source: MITRE

Published: 2006-07-21

Updated: 2018-10-18

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* versions up to 2.1 (inclusive)

Tenable Plugins

View all (37 total)

IDNameProductFamilySeverity
130510Solaris 10 (x86) : 119060-73NessusSolaris Local Security Checks
high
130508Solaris 10 (sparc) : 119059-74NessusSolaris Local Security Checks
high
107806Solaris 10 (x86) : 119060-71NessusSolaris Local Security Checks
high
107805Solaris 10 (x86) : 119060-70NessusSolaris Local Security Checks
high
107804Solaris 10 (x86) : 119060-69NessusSolaris Local Security Checks
high
107803Solaris 10 (x86) : 119060-68NessusSolaris Local Security Checks
high
107802Solaris 10 (x86) : 119060-65NessusSolaris Local Security Checks
high
107801Solaris 10 (x86) : 119060-64NessusSolaris Local Security Checks
high
107304Solaris 10 (sparc) : 119059-72NessusSolaris Local Security Checks
high
107303Solaris 10 (sparc) : 119059-71NessusSolaris Local Security Checks
high
107302Solaris 10 (sparc) : 119059-70NessusSolaris Local Security Checks
high
107301Solaris 10 (sparc) : 119059-69NessusSolaris Local Security Checks
high
107300Solaris 10 (sparc) : 119059-66NessusSolaris Local Security Checks
high
107299Solaris 10 (sparc) : 119059-65NessusSolaris Local Security Checks
high
82537Solaris 10 (x86) : 119060-45NessusSolaris Local Security Checks
high
82536Solaris 10 (sparc) : 119059-46NessusSolaris Local Security Checks
high
35684Mac OS X Multiple Vulnerabilities (Security Update 2009-001)NessusMacOS X Local Security Checks
critical
29436SuSE 10 Security Update : freetype2 (ZYPP Patch Number 1918)NessusSuSE Local Security Checks
high
27920Ubuntu 5.04 / 5.10 / 6.06 LTS : libxfont, xorg vulnerability (USN-341-1)NessusUbuntu Local Security Checks
high
27902Ubuntu 5.04 / 5.10 / 6.06 LTS : freetype vulnerability (USN-324-1)NessusUbuntu Local Security Checks
high
27510openSUSE 10 Security Update : NX (NX-4555)NessusSuSE Local Security Checks
high
27225openSUSE 10 Security Update : freetype2 (freetype2-1910)NessusSuSE Local Security Checks
high
24862Solaris 9 (x86) : 124833-02NessusSolaris Local Security Checks
high
23895Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:148)NessusMandriva Local Security Checks
high
23880Mandrake Linux Security Advisory : freetype2 (MDKSA-2006:129)NessusMandriva Local Security Checks
high
22985Solaris 10 (x86) : 119060-72 (deprecated)NessusSolaris Local Security Checks
high
22952Solaris 10 (sparc) : 119059-73 (deprecated)NessusSolaris Local Security Checks
high
22734Debian DSA-1193-1 : xfree86 - several vulnerabilitiesNessusDebian Local Security Checks
high
22720Debian DSA-1178-1 : freetype - integer overflowNessusDebian Local Security Checks
high
22503FreeBSD : freetype -- LWFN Files Buffer Overflow Vulnerability (b975763f-5210-11db-8f1a-000a48049292)NessusFreeBSD Local Security Checks
high
22326GLSA-200609-04 : LibXfont: Multiple integer overflowsNessusGentoo Local Security Checks
high
22281CentOS 4 : xorg-x11 (CESA-2006:0634)NessusCentOS Local Security Checks
high
22266RHEL 2.1 / 3 : XFree86 (RHSA-2006:0635)NessusRed Hat Local Security Checks
high
22265RHEL 4 : xorg-x11 (RHSA-2006:0634)NessusRed Hat Local Security Checks
high
22258CentOS 3 : XFree86 (CESA-2006:0635)NessusCentOS Local Security Checks
high
22068RHEL 2.1 / 3 / 4 : freetype (RHSA-2006:0500)NessusRed Hat Local Security Checks
high
22064CentOS 3 / 4 : freetype (CESA-2006:0500)NessusCentOS Local Security Checks
high