CVE-2006-3740 — X.org vulnerability

11 documents8 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 78.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Libxfont X.org

Timeline

PublishedSep 13

Latest updateMay 1

Description

Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶Debianx.org/libxfont< 1:1.2.2-1+3

▶NVDx.org/x.org6.8.2

Patches

Patch: www.idefense.com ↗Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-gpr2-3wwv-wvmr: Integer overflow in the scan_cidfont function in X↗2022-05-01

▶

CVEList

CVE-2006-3740: Integer overflow in the scan_cidfont function in X↗2006-09-13

▶

OSV

CVE-2006-3740: Integer overflow in the scan_cidfont function in X↗2006-09-13

▶

📋Vendor Advisories

Ubuntu

X.org vulnerabilities↗2006-09-13

▶

Red Hat

security flaw↗2006-09-12

▶

Debian

CVE-2006-3740: libxfont - Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X serve...↗2006

▶

💬Community

Bugzilla

CVE-2006-3740 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-3739 X CID font parser multiple integer overflows (CVE-2006-3740)↗2006-09-15

▶

Bugzilla

CVE-2006-3739 X CID font parser multiple integer overflows (CVE-2006-3740)↗2006-08-29

▶

Bugzilla

CVE-2006-3739 X CID font parser multiple integer overflows (CVE-2006-3740)↗2006-08-29

▶