PT-2006-7608 · X.Org+2 · Libxfont+2
Published: 1970-01-01 · Updated: 2023-02-13 · CVE-2006-3467
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
libXfont versions prior to 1.2.0
freetype2-64bit (affected versions not specified)
freetype2-devel-64bit (affected versions not specified)
freetype2-x86 (affected versions not specified)
FreeType versions prior to 2.2
Description
The issue is related to an integer overflow in FreeType, which can be exploited remotely. This may lead to a denial of service (crash) and potentially allow the execution of arbitrary code via a crafted PCF file. The vulnerability can compromise the confidentiality, integrity, and availability of protected information.
Recommendations
For libXfont versions prior to 1.2.0, update to version 1.2.0 or later.
For freetype2-64bit, freetype2-devel-64bit, and freetype2-x86, update to a version that includes the fix for the integer overflow issue.
For FreeType versions prior to 2.2, update to version 2.2 or later.
As a temporary workaround, consider restricting access to crafted PCF files to minimize the risk of exploitation.
Fix
DoS
Affected Products
Freetype
Red Hat
Libxfont