PT-2006-1070 · X.Org+2 · Libxfont+3

Published: 2006-09-12 · Updated: 2018-10-17 · CVE-2006-3739
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: libXfont versions prior to 1.2.1; X.Org version 6.8.2; XFree86 X server (affected versions not specified)
Description: The issue concerns multiple vulnerabilities in the libXfont package and the X.Org/XFree86 X server that can be exploited locally to compromise the confidentiality, integrity, and availability of protected information. Specifically, an integer overflow in the CIDAFM function in X.Org 6.8.2 and the XFree86 X server allows local users to execute arbitrary code via a crafted Adobe Font Metrics (AFM) file whose declared number of character metrics (the StartCharMetrics count) has been modified, leading to a heap-based buffer overflow.
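The flaw described above is the classic pattern of an attacker-controlled count being multiplied into an allocation size without bounds checking, after which the entries that follow overrun the undersized heap buffer. The following is an added example, not code from libXfont, X.Org or XFree86, showing how a defensive AFM reader validates the StartCharMetrics count before allocating and refuses files that carry more entries than they declare. All names (afm_parse_metric_count, afm_parse_metrics, afm_char_metric, AFM_MAX_CHAR_METRICS) and the sample AFM fragment are constructed for this illustration.

```c
/* Added example (not libXfont code): parse an AFM StartCharMetrics section
 * with the overflow checks whose absence the advisory describes.
 * All identifiers below are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <errno.h>
#include <ctype.h>

typedef struct {
    int code;       /* character code (C field) */
    double width;   /* advance width (WX field) */
} afm_char_metric;

/* Constructed upper bound: real AFM files hold at most a few thousand glyphs. */
#define AFM_MAX_CHAR_METRICS 65536

/* Parse the integer after "StartCharMetrics". Returns 0 and stores the count
 * on success; -1 if the value is missing, negative, non-numeric, above the
 * policy limit, or would overflow count * sizeof(afm_char_metric). */
int afm_parse_metric_count(const char *line, size_t *count_out)
{
    const char *kw = "StartCharMetrics";
    size_t kwlen = strlen(kw);
    if (strncmp(line, kw, kwlen) != 0) return -1;
    const char *p = line + kwlen;
    while (*p == ' ' || *p == '\t') p++;
    if (!isdigit((unsigned char)*p)) return -1;   /* rejects "", "-5", "abc" */
    errno = 0;
    char *end;
    unsigned long long v = strtoull(p, &end, 10);
    if (errno == ERANGE || end == p) return -1;
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n') end++;
    if (*end != '\0') return -1;                  /* trailing garbage */
    if (v > AFM_MAX_CHAR_METRICS) return -1;
    /* The multiplication a vulnerable parser performs unchecked. */
    if (v > SIZE_MAX / sizeof(afm_char_metric)) return -1;
    *count_out = (size_t)v;
    return 0;
}

/* Copy the next line of *cursor into buf without its newline; 0 at end of text. */
static int next_line(const char **cursor, char *buf, size_t bufsz)
{
    const char *s = *cursor;
    if (*s == '\0') return 0;
    const char *e = strchr(s, '\n');
    size_t len = e ? (size_t)(e - s) : strlen(s);
    if (len >= bufsz) len = bufsz - 1;            /* truncate over-long lines */
    memcpy(buf, s, len);
    buf[len] = '\0';
    *cursor = e ? e + 1 : s + len;
    return 1;
}

/* Parse an in-memory AFM fragment. On success returns the number of metrics
 * read and hands the caller a buffer (free() it); returns -1 and allocates
 * nothing visible on any malformed input, including a file that holds more
 * "C ..." lines than its StartCharMetrics count promised. */
long afm_parse_metrics(const char *text, afm_char_metric **out)
{
    const char *cursor = text;
    char line[256];
    size_t declared = 0, n = 0;
    afm_char_metric *buf = NULL;
    int in_metrics = 0;
    long result = -1;

    while (next_line(&cursor, line, sizeof line)) {
        if (!in_metrics) {
            if (strncmp(line, "StartCharMetrics", 16) == 0) {
                if (afm_parse_metric_count(line, &declared) != 0) goto done;
                buf = calloc(declared ? declared : 1, sizeof *buf);
                if (!buf) goto done;
                in_metrics = 1;
            }
            continue;
        }
        if (strncmp(line, "EndCharMetrics", 14) == 0) {
            result = (long)n;
            *out = buf;
            buf = NULL;                            /* ownership passed to caller */
            goto done;
        }
        if (n >= declared) goto done;              /* entry beyond declared count */
        int code; double width;
        if (sscanf(line, "C %d ; WX %lf", &code, &width) != 2) goto done;
        buf[n].code = code;
        buf[n].width = width;
        n++;
    }
done:
    free(buf);
    return result;
}
```

The two checks that matter are in afm_parse_metric_count (reject a count that is negative, absurdly large, or that would wrap the allocation size) and the `n >= declared` guard in afm_parse_metrics, which is what stops a file that declares two metrics but supplies twenty from writing past the buffer. A reader that trusts the declared count for the allocation but not for the loop bound, or vice versa, is still exploitable.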
Recommendations: For libXfont versions prior to 1.2.1, update to version 1.2.1 or later. For X.Org version 6.8.2, consider disabling the CIDAFM function as a temporary workaround until a patch is available. For XFree86 X server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2015-09527
CVE-2006-3739
DSA-1193-1
RHSA-2006:0665
RHSA-2006:0666
RHSA-2006_0665

Affected Products

Red Hat
X.Org
Xfree86 X Server
Libxfont