PT-2006-1071 · X.Org+1 · Libxfont+2

Published: 2006-09-12 · Updated: 2018-10-17 · CVE-2006-3740

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: X.Org version 6.8.2; libXfont versions prior to 1.2.1
Description: An integer overflow in the scan_cidfont function allows local users to execute arbitrary code via crafted font data, including modified item counts in specific sections of the font data. Additionally, multiple vulnerabilities in the libXfont package can lead to breaches of the confidentiality, integrity, and availability of protected information; these can also be exploited locally.
Recommendations: For X.Org version 6.8.2, update to a version that fixes the integer overflow in the scan_cidfont function. For libXfont versions prior to 1.2.1, update to version 1.2.1 or later to address the multiple vulnerabilities.

Fix

Related Identifiers

BDU:2015-09527
CVE-2006-3740
DSA-1193-1
RHSA-2006:0665
RHSA-2006:0666
RHSA-2006_0665

Affected Products

Red Hat
X.Org
Libxfont