CVE Vulnerabilities

CVE-2006-1861

Published: May 23, 2006 | Modified: Nov 07, 2023
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.

Affected Software

| Name | Vendor | Start Version | End Version |
|------|--------|---------------|-------------|
| Freetype | Freetype | 2.1.9 | 2.1.9 |
| Freetype | Freetype | 2.1.10 | 2.1.10 |
| Freetype | Freetype | 2.1.5 | 2.1.5 |
| Freetype | Freetype | 2.1.8 | 2.1.8 |
| Freetype | Freetype | 2.1.3 | 2.1.3 |
| Freetype | Freetype | 2.1.6 | 2.1.6 |
| Freetype | Freetype | 2.0.9 | 2.0.9 |
| Freetype | Freetype | 2.1.7 | 2.1.7 |
| Freetype | Freetype | 2.1.4 | 2.1.4 |

References