CVE Vulnerabilities

CVE-2006-1861

Published: May 23, 2006 | Modified: Nov 07, 2023
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
RedHat/V2
RedHat/V3
Ubuntu: UNTRIAGED

Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Freetype | Freetype | 2.0.9 (including) | 2.0.9 (including) |
| Freetype | Freetype | 2.1.3 (including) | 2.1.3 (including) |
| Freetype | Freetype | 2.1.4 (including) | 2.1.4 (including) |
| Freetype | Freetype | 2.1.5 (including) | 2.1.5 (including) |
| Freetype | Freetype | 2.1.6 (including) | 2.1.6 (including) |
| Freetype | Freetype | 2.1.7 (including) | 2.1.7 (including) |
| Freetype | Freetype | 2.1.8 (including) | 2.1.8 (including) |
| Freetype | Freetype | 2.1.9 (including) | 2.1.9 (including) |
| Freetype | Freetype | 2.1.10 (including) | 2.1.10 (including) |
| Red Hat Enterprise Linux 2.1 | RedHat | freetype-0:2.0.3-17.el21 | * |
| Red Hat Enterprise Linux 3 | RedHat | freetype-0:2.1.4-4.0.rhel3.2 | * |
| Red Hat Enterprise Linux 3 | RedHat | freetype-0:2.1.4-12.el3 | * |
| Red Hat Enterprise Linux 4 | RedHat | freetype-0:2.1.9-1.rhel4.4 | * |
| Red Hat Enterprise Linux 4 | RedHat | freetype-0:2.1.9-10.el4.7 | * |
| Freetype | Ubuntu | dapper | * |
