CVE-2006-1861

freetype: multiple integer overflow vulnerabilities

  • Severity Score (CVSS v3): 9.8
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2006-04-19 CVE Reserved
  • 2006-05-23 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-189: Numeric Errors
  • CWE-190: Integer Overflow or Wraparound
References (50)
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U 2023-11-07
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html 2023-11-07
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html 2023-11-07
http://secunia.com/advisories/20525 2023-11-07
http://secunia.com/advisories/20591 2023-11-07
http://secunia.com/advisories/20638 2023-11-07
http://secunia.com/advisories/20791 2023-11-07
http://secunia.com/advisories/21000 2023-11-07
http://secunia.com/advisories/21062 2023-11-07
http://secunia.com/advisories/21135 2023-11-07
http://secunia.com/advisories/21385 2023-11-07
http://secunia.com/advisories/21701 2023-11-07
http://secunia.com/advisories/23939 2023-11-07
http://secunia.com/advisories/27162 2023-11-07
http://secunia.com/advisories/27167 2023-11-07
http://secunia.com/advisories/27271 2023-11-07
http://secunia.com/advisories/33937 2023-11-07
http://secunia.com/advisories/35200 2023-11-07
http://secunia.com/advisories/35204 2023-11-07
http://secunia.com/advisories/35233 2023-11-07
http://security.gentoo.org/glsa/glsa-200607-02.xml 2023-11-07
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1 2023-11-07
http://www.debian.org/security/2006/dsa-1095 2023-11-07
http://www.gentoo.org/security/en/glsa/glsa-200710-09.xml 2023-11-07
http://www.mandriva.com/security/advisories?name=MDKSA-2006:099 2023-11-07
http://www.redhat.com/support/errata/RHSA-2006-0500.html 2023-11-07
http://www.redhat.com/support/errata/RHSA-2009-0329.html 2023-11-07
http://www.redhat.com/support/errata/RHSA-2009-1062.html 2023-11-07
http://www.vupen.com/english/advisories/2006/1868 2023-11-07
http://www.vupen.com/english/advisories/2007/0381 2023-11-07
https://usn.ubuntu.com/291-1 2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html 2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html 2023-11-07
https://access.redhat.com/security/cve/CVE-2006-1861 2009-05-22
https://bugzilla.redhat.com/show_bug.cgi?id=484437 2009-05-22
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Freetype Freetype 2.0.9 - Affected
Freetype Freetype 2.1.3 - Affected
Freetype Freetype 2.1.4 - Affected
Freetype Freetype 2.1.5 - Affected
Freetype Freetype 2.1.6 - Affected
Freetype Freetype 2.1.7 - Affected
Freetype Freetype 2.1.8 - Affected
Freetype Freetype 2.1.9 - Affected
Freetype Freetype 2.1.10 - Affected