Lucene search

[email protected]NVD:CVE-2006-1861

HistoryMay 23, 2006 - 10:06 a.m.

CVE-2006-1861

2006-05-2310:06:00

CWE-189

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.137

Percentile

95.7%

JSON

Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.

Affected configurations

NVD

Node

freetypefreetypeMatch2.0.9

freetypefreetypeMatch2.1.3

freetypefreetypeMatch2.1.4

freetypefreetypeMatch2.1.5

freetypefreetypeMatch2.1.6

freetypefreetypeMatch2.1.7

freetypefreetypeMatch2.1.8

freetypefreetypeMatch2.1.9

freetypefreetypeMatch2.1.10

References

ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U

lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html

lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html

secunia.com/advisories/20100

secunia.com/advisories/20525

secunia.com/advisories/20591

secunia.com/advisories/20638

secunia.com/advisories/20791

secunia.com/advisories/21000

secunia.com/advisories/21062

secunia.com/advisories/21135

secunia.com/advisories/21385

secunia.com/advisories/21701

secunia.com/advisories/23939

secunia.com/advisories/27162

secunia.com/advisories/27167

secunia.com/advisories/27271

secunia.com/advisories/33937

secunia.com/advisories/35200

secunia.com/advisories/35204

secunia.com/advisories/35233

security.gentoo.org/glsa/glsa-200607-02.xml

securitytracker.com/id?1016522

sourceforge.net/project/shownotes.php?release_id=416463

sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1

support.apple.com/kb/HT3438

support.avaya.com/elmodocs2/security/ASA-2006-176.htm

www.debian.org/security/2006/dsa-1095

www.gentoo.org/security/en/glsa/glsa-200710-09.xml

www.mandriva.com/security/advisories?name=MDKSA-2006:099

www.redhat.com/support/errata/RHSA-2006-0500.html

www.redhat.com/support/errata/RHSA-2009-0329.html

www.redhat.com/support/errata/RHSA-2009-1062.html

www.securityfocus.com/archive/1/436836/100/0/threaded

www.securityfocus.com/bid/18034

www.vupen.com/english/advisories/2006/1868

www.vupen.com/english/advisories/2007/0381

bugzilla.redhat.com/bugzilla/attachment.cgi?id=128606

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593#c8

bugzilla.redhat.com/show_bug.cgi?id=502565

exchange.xforce.ibmcloud.com/vulnerabilities/26553

issues.rpath.com/browse/RPL-429

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9124

usn.ubuntu.com/291-1/

www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html

www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.137

Percentile

95.7%

JSON

Related for NVD:CVE-2006-1861

nvd3 cvelist3 cve4 prion1 debiancve2 ubuntucve2 nessus21 ubuntu1 openvas27 debian1 osv1 gentoo3 slackware1 veracode1 fedora2 suse1 redhat3 freebsd1 oraclelinux2 centos3