// For flags

CVE-2006-3467

freetype: integer overflow vulnerability due to incomplete fix for CVE-2006-1861

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861.

Desbordamiento de entero en FreeType en versiones anteriores a 2.2 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un archivo PCF manipulado, según lo demostrado mediante el archivo de prueba Red Hat bad1.pcf, debido a una solución parcial de CVE-2006-1861.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-07-10 CVE Reserved
  • 2006-07-18 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-189: Numeric Errors
  • CWE-190: Integer Overflow or Wraparound
CAPEC
References (57)
URL Tag Source
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593 X_refsource_misc
http://secunia.com/advisories/21062 Third Party Advisory
http://secunia.com/advisories/33937 Third Party Advisory
http://securitytracker.com/id?1016522 Vdb Entry
http://support.apple.com/kb/HT3438 X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-186.htm X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-284.htm X_refsource_confirm
http://www.securityfocus.com/archive/1/444318/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/451404/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/451417/100/200/threaded Mailing List
http://www.securityfocus.com/archive/1/451419/100/200/threaded Mailing List
http://www.securityfocus.com/archive/1/451426/100/200/threaded Mailing List
http://www.vmware.com/download/esx/esx-202-200610-patch.html X_refsource_confirm
http://www.vmware.com/download/esx/esx-213-200610-patch.html X_refsource_confirm
http://www.vmware.com/download/esx/esx-254-200610-patch.html X_refsource_confirm
http://www.vupen.com/english/advisories/2006/4502 Vdb Entry
http://www.vupen.com/english/advisories/2006/4522 Vdb Entry
http://www.vupen.com/english/advisories/2007/0381 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10673 Signature
URL Date SRC
URL Date SRC
http://www.redhat.com/support/errata/RHSA-2006-0500.html 2023-02-13
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U 2023-02-13
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html 2023-02-13
http://lists.suse.com/archive/suse-security-announce/2006-Aug/0002.html 2023-02-13
http://secunia.com/advisories/21135 2023-02-13
http://secunia.com/advisories/21144 2023-02-13
http://secunia.com/advisories/21232 2023-02-13
http://secunia.com/advisories/21285 2023-02-13
http://secunia.com/advisories/21566 2023-02-13
http://secunia.com/advisories/21567 2023-02-13
http://secunia.com/advisories/21606 2023-02-13
http://secunia.com/advisories/21626 2023-02-13
http://secunia.com/advisories/21701 2023-02-13
http://secunia.com/advisories/21793 2023-02-13
http://secunia.com/advisories/21798 2023-02-13
http://secunia.com/advisories/21836 2023-02-13
http://secunia.com/advisories/22027 2023-02-13
http://secunia.com/advisories/22332 2023-02-13
http://secunia.com/advisories/22875 2023-02-13
http://secunia.com/advisories/22907 2023-02-13
http://secunia.com/advisories/23400 2023-02-13
http://secunia.com/advisories/23939 2023-02-13
http://secunia.com/advisories/27271 2023-02-13
http://security.gentoo.org/glsa/glsa-200609-04.xml 2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1 2023-02-13
http://www.debian.org/security/2006/dsa-1178 2023-02-13
http://www.debian.org/security/2006/dsa-1193 2023-02-13
http://www.mandriva.com/security/advisories?name=MDKSA-2006:129 2023-02-13
http://www.mandriva.com/security/advisories?name=MDKSA-2006:148 2023-02-13
http://www.redhat.com/support/errata/RHSA-2006-0634.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2006-0635.html 2023-02-13
http://www.trustix.org/errata/2006/0052 2023-02-13
http://www.ubuntu.com/usn/usn-324-1 2023-02-13
http://www.ubuntu.com/usn/usn-341-1 2023-02-13
https://access.redhat.com/security/cve/CVE-2006-3467 2006-08-21
https://bugzilla.redhat.com/show_bug.cgi?id=487070 2006-08-21
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Freetype
Search vendor "Freetype"
 Freetype
Search vendor "Freetype" for product "Freetype"
 <= 2.1
Search vendor "Freetype" for product "Freetype" and version " <= 2.1"
-
Affected