Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-1861

Disclosure Date: May 23, 2006
CVE-2006-1861
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • freetype

Products

  • freetype 2.0.9,
  • freetype 2.1.10,
  • freetype 2.1.3,
  • freetype 2.1.4,
  • freetype 2.1.5,
  • freetype 2.1.6,
  • freetype 2.1.7,
  • freetype 2.1.8,
  • freetype 2.1.9

References

Canonical
CVE-2006-1861 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861)
BID-18034 (http://www.securityfocus.com/bid/18034)
Advisory
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html
SECUNIA-20791 (http://secunia.com/advisories/20791)
SECUNIA-27271 (http://secunia.com/advisories/27271)
SECUNIA-33937 (http://secunia.com/advisories/33937)
http://sourceforge.net/project/shownotes.php?release_id=416463
SUNALERT-102705 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1)
SECUNIA-21000 (http://secunia.com/advisories/21000)
SECUNIA-20525 (http://secunia.com/advisories/20525)
SECUNIA-21701 (http://secunia.com/advisories/21701)
GLSA-200607-02 (http://security.gentoo.org/glsa/glsa-200607-02.xml)
http://support.apple.com/kb/HT3438
SECUNIA-27162 (http://secunia.com/advisories/27162)
FEDORA-2009-5644 (https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html)
APPLE-SA-2009-02-12 (http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html)
USN-291-1 (https://usn.ubuntu.com/291-1)
SECUNIA-21385 (http://secunia.com/advisories/21385)
FEDORA-2009-5558 (https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html)
http://www.redhat.com/support/errata/RHSA-2009-1062.html
20060612 rPSA-2006-0100-1 freetype (http://www.securityfocus.com/archive/1/436836/100/0/threaded)
SECUNIA-21135 (http://secunia.com/advisories/21135)
XF-freetype-lwfn-overflow(26553) (https://exchange.xforce.ibmcloud.com/vulnerabilities/26553)
http://www.redhat.com/support/errata/RHSA-2006-0500.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9124
SECUNIA-23939 (http://secunia.com/advisories/23939)
https://bugzilla.redhat.com/show_bug.cgi?id=502565
http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=128606
SECUNIA-20591 (http://secunia.com/advisories/20591)
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
SECUNIA-27167 (http://secunia.com/advisories/27167)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593
SECUNIA-20638 (http://secunia.com/advisories/20638)
SECUNIA-20100 (http://secunia.com/advisories/20100)
SECTRACK-1016522 (http://securitytracker.com/id?1016522)
SECUNIA-35233 (http://secunia.com/advisories/35233)
ADV-2007-0381 (http://www.vupen.com/english/advisories/2007/0381)
https://issues.rpath.com/browse/RPL-429
GLSA-200710-09 (http://www.gentoo.org/security/en/glsa/glsa-200710-09.xml)
SECUNIA-35200 (http://secunia.com/advisories/35200)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593#c8
SECUNIA-21062 (http://secunia.com/advisories/21062)
http://www.redhat.com/support/errata/RHSA-2009-0329.html
SECUNIA-35204 (http://secunia.com/advisories/35204)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:099
DSA-1095 (http://www.debian.org/security/2006/dsa-1095)
ADV-2006-1868 (http://www.vupen.com/english/advisories/2006/1868)
Miscellaneous
https://access.redhat.com/errata/RHSA-2006:0500
https://access.redhat.com/errata/RHSA-2009:0329
https://access.redhat.com/errata/RHSA-2009:1062
https://access.redhat.com/security/cve/CVE-2006-1861
https://bugzilla.redhat.com/show_bug.cgi?id=484437
https://usn.ubuntu.com/291-1/

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis