// For flags

CVE-2006-0747

FreeType - '.TTF' File Remote Buffer Overflow

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-02-17 CVE Reserved
  • 2006-05-23 CVE Published
  • 2006-06-08 First Exploit
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-189: Numeric Errors
CAPEC
References (32)
URL Tag Source
http://securitytracker.com/id?1016522 Vdb Entry
http://support.apple.com/kb/HT3549 X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm X_refsource_confirm
http://www.securityfocus.com/archive/1/436836/100/0/threaded Mailing List
http://www.securityfocus.com/bid/18326 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA09-133A.html Third Party Advisory
https://issues.rpath.com/browse/RPL-429 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9508 Signature
URL Date SRC
https://www.exploit-db.com/exploits/27992 2006-06-08
URL Date SRC
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183676 2018-10-19
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U 2018-10-19
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html 2018-10-19
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html 2018-10-19
http://secunia.com/advisories/20525 2018-10-19
http://secunia.com/advisories/20591 2018-10-19
http://secunia.com/advisories/20638 2018-10-19
http://secunia.com/advisories/20791 2018-10-19
http://secunia.com/advisories/21062 2018-10-19
http://secunia.com/advisories/21135 2018-10-19
http://secunia.com/advisories/21385 2018-10-19
http://secunia.com/advisories/21701 2018-10-19
http://secunia.com/advisories/23939 2018-10-19
http://secunia.com/advisories/35074 2018-10-19
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1 2018-10-19
http://www.debian.org/security/2006/dsa-1095 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:099 2018-10-19
http://www.redhat.com/support/errata/RHSA-2006-0500.html 2018-10-19
http://www.vupen.com/english/advisories/2007/0381 2018-10-19
http://www.vupen.com/english/advisories/2009/1297 2018-10-19
https://usn.ubuntu.com/291-1 2018-10-19
https://access.redhat.com/security/cve/CVE-2006-0747 2006-07-18
https://bugzilla.redhat.com/show_bug.cgi?id=1618019 2006-07-18
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Freetype
Search vendor "Freetype"
 Freetype
Search vendor "Freetype" for product "Freetype"
 <= 2.1
Search vendor "Freetype" for product "Freetype" and version " <= 2.1"
-
Affected