CVE-2006-1861 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-1861
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-1861

Description: Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26553 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-291-1 SUSE http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1 ST 1016522 SGI SAID Secunia Advisory: SA21135 Secunia Advisory: SA21000 Secunia Advisory: SA20525 Secunia Advisory: SA20638 Secunia Advisory: SA20100 Secunia Advisory: SA20591 Secunia Advisory: SA20791 Secunia Advisory: SA21062 Secunia Advisory: SA21385 Secunia Advisory: SA21701 Secunia Advisory: SA23939 Secunia Advisory: SA27162 Secunia Advisory: SA27167 Secunia Advisory: SA27271 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0500.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:099 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200710-09.xml http://security.gentoo.org/glsa/glsa-200607-02.xml DEBIAN http://www.debian.org/security/2006/dsa-1095 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm http://sourceforge.net/project/shownotes.php?release_id=416463 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/436836/100/0/threaded BID 18034

Return to the previous page.