CVE-2006-6101

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures.

Desbordamiento de Entero en la función ProcRenderAddGlyphs en la extensión Render para X.Org 6.8.2, 6.9.0, 7.0, y 7.1, y Servidor XFree86 X, permite a atacantes remotos ejecutar código de su elección mediante una petición de protocolo X manipulada que dispara corrupción de memoria durante el procesado del manejo de estructuras de datos para la representación física de caracteres.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-11-24 CVE Reserved
2006-12-31 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (42)

URL	Tag	Source
http://osvdb.org/32084	Vdb Entry
http://secunia.com/advisories/23633	Third Party Advisory
http://secunia.com/advisories/23670	Third Party Advisory
http://secunia.com/advisories/23684	Third Party Advisory
http://secunia.com/advisories/23689	Third Party Advisory
http://secunia.com/advisories/23698	Third Party Advisory
http://secunia.com/advisories/23705	Third Party Advisory
http://secunia.com/advisories/23758	Third Party Advisory
http://secunia.com/advisories/23789	Third Party Advisory
http://secunia.com/advisories/23966	Third Party Advisory
http://secunia.com/advisories/24168	Third Party Advisory
http://secunia.com/advisories/24210	Third Party Advisory
http://secunia.com/advisories/24247	Third Party Advisory
http://secunia.com/advisories/24401	Third Party Advisory
http://secunia.com/advisories/25802	Third Party Advisory
http://securitytracker.com/id?1017495	Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2007-066.htm	X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm	X_refsource_confirm
http://www.securityfocus.com/bid/21968	Vdb Entry
http://www.vupen.com/english/advisories/2007/0108	Vdb Entry
http://www.vupen.com/english/advisories/2007/0109	Vdb Entry
http://www.vupen.com/english/advisories/2007/0589	Vdb Entry
http://www.vupen.com/english/advisories/2007/0669	Vdb Entry
http://www.vupen.com/english/advisories/2007/2233	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/31337	Vdb Entry
https://issues.rpath.com/browse/RPL-920	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10490	Signature

URL	Date	SRC

URL	Date	SRC
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=463	2017-10-11
http://lists.freedesktop.org/archives/xorg-announce/2007-January/000235.html	2017-10-11

URL	Date	SRC
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-002.txt.asc	2017-10-11
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678	2017-10-11
http://security.gentoo.org/glsa/glsa-200701-25.xml	2017-10-11
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.393555	2017-10-11
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1	2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2007:005	2017-10-11
http://www.novell.com/linux/security/advisories/2007_08_x.html	2017-10-11
http://www.redhat.com/support/errata/RHSA-2007-0002.html	2017-10-11
http://www.redhat.com/support/errata/RHSA-2007-0003.html	2017-10-11
http://www.ubuntu.com/usn/usn-403-1	2017-10-11
https://www.debian.org/security/2007/dsa-1249	2017-10-11
https://access.redhat.com/security/cve/CVE-2006-6101	2007-01-10
https://bugzilla.redhat.com/show_bug.cgi?id=1618238	2007-01-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
X.org Search vendor "X.org"		X.org Search vendor "X.org" for product "X.org"				6.8.2 Search vendor "X.org" for product "X.org" and version "6.8.2"		-		Affected
X.org Search vendor "X.org"		X.org Search vendor "X.org" for product "X.org"				6.9.0 Search vendor "X.org" for product "X.org" and version "6.9.0"		-		Affected
X.org Search vendor "X.org"		X.org Search vendor "X.org" for product "X.org"				7.0 Search vendor "X.org" for product "X.org" and version "7.0"		-		Affected
X.org Search vendor "X.org"		X.org Search vendor "X.org" for product "X.org"				7.1 Search vendor "X.org" for product "X.org" and version "7.1"		-		Affected
Xfree86 Project Search vendor "Xfree86 Project"		Xfree86 Search vendor "Xfree86 Project" for product "Xfree86"				*		-		Affected