CVE-2006-1861

Severity

75%

Complexity

99%

Confidentiality

106%

Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

FreeType

First reported 18 years ago

2006-05-23 10:06:00

Last updated 6 years ago

2018-10-18 16:36:00

Affected Software

FreeType 2.0.9

FreeType 2.1.3

FreeType 2.1.4

FreeType 2.1.5

FreeType 2.1.6

FreeType 2.1.7

FreeType 2.1.8

FreeType 2.1.8 rc1 (2.1.8_rc1)

FreeType 2.1.9

FreeType 2.1.10
