Rapid7 Vulnerability & Exploit Database

SUSE-SA:2006:037: freetype2

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE-SA:2006:037: freetype2

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

06/27/2006

Created

07/25/2018

Added

03/10/2008

Modified

11/18/2015

Description

Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.

Solution(s)

References

https://attackerkb.com/topics/cve-2006-0747
APPLE-SA-2009-02-12
APPLE-SA-2009-05-12
18034
18326
18329
TA09-133A
CVE - 2006-0747
CVE - 2006-1861
CVE - 2006-2661
DSA-1095
OVAL11692
OVAL9124
OVAL9508
RHSA-2006:0500
RHSA-2009:0329
RHSA-2009:1062
20060701-01-U
SUSE-SA:2006:037
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:099
http://sourceforge.net/project/shownotes.php?release_id=416463
http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm
http://www.debian.org/security/2006/dsa-1095
http://www.frsirt.com/english/advisories/2006/1868
http://www.frsirt.com/english/advisories/2007/0381
http://www.mandriva.com/security/advisories?name=MDKSA-2006:099
http://www.novell.com/linux/security/advisories/2006_37.freetype.html
http://www.securityfocus.com/archive/1/archive/1/436836/100/0/threaded
http://www.ubuntulinux.org/support/documentation/usn/usn-291-1
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=128606
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183676
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593#c8
https://issues.rpath.com/browse/RPL-429
26553

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;