CVE-2006-3467 — Integer Overflow or Wraparound in Freetype

CWE-190 — Integer Overflow or Wraparound12 documents8 sources

Severity

7.5HIGHNVD

EPSS

8.7%

top 7.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freetype X.org Libxfont

Timeline

PublishedJul 21

Latest updateMay 3

Description

Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶Debianfreetype/freetype< 2.2.1-5+3

▶NVDfreetype/freetype2.1

▶Debianx.org/libxfont< 1:1.2.0-2+3

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-f3f6-hw6f-fq9r: Integer overflow in FreeType before 2↗2022-05-03

▶

OSV

CVE-2006-3467: Integer overflow in FreeType before 2↗2006-07-21

▶

CVEList

CVE-2006-3467: Integer overflow in FreeType before 2↗2006-07-18

▶

📋Vendor Advisories

Ubuntu

libxfont vulnerability↗2006-09-07

▶

Ubuntu

freetype vulnerability↗2006-07-28

▶

Red Hat

freetype: integer overflow vulnerability due to incomplete fix for CVE-2006-1861↗2006-07-18

▶

Debian

CVE-2006-3467: freetype - Integer overflow in FreeType before 2.2 allows remote attackers to cause a denia...↗2006

▶

💬Community

Bugzilla

nx: Appears to embed a vulnerable version of libXfont prone to CVE-2008-0006↗2010-12-03

▶

Bugzilla

CVE-2006-3467 freetype: integer overflow vulnerability due to incomplete fix for CVE-2006-1861↗2009-02-23

▶

Bugzilla

CVE-2006-3467 Xorg PCF handling Integer overflow↗2006-08-15

▶

Bugzilla

CVE-2006-1861 freetype multiple integer overflows (CVE-2006-3467)↗2006-05-03

▶