Vulnerability details: VCID-v9rn-6f4f-aaar
Vulnerability ID VCID-v9rn-6f4f-aaar
Aliases CVE-2006-2661
Summary ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2006:0500
epss 0.04514 https://api.first.org/data/v1/epss?cve=CVE-2006-2661
epss 0.09617 https://api.first.org/data/v1/epss?cve=CVE-2006-2661
epss 0.101 https://api.first.org/data/v1/epss?cve=CVE-2006-2661
epss 0.10345 https://api.first.org/data/v1/epss?cve=CVE-2006-2661
epss 0.12468 https://api.first.org/data/v1/epss?cve=CVE-2006-2661
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1618110
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2006-2661
Reference id Reference type URL
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-2661.json
https://api.first.org/data/v1/epss?cve=CVE-2006-2661
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183676
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2661
http://secunia.com/advisories/20525
http://secunia.com/advisories/20591
http://secunia.com/advisories/20638
http://secunia.com/advisories/20791
http://secunia.com/advisories/21062
http://secunia.com/advisories/21135
http://secunia.com/advisories/21385
http://secunia.com/advisories/21701
http://secunia.com/advisories/23939
http://securitytracker.com/id?1016520
https://issues.rpath.com/browse/RPL-429
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11692
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1
http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm
https://usn.ubuntu.com/291-1/
http://www.debian.org/security/2006/dsa-1095
http://www.mandriva.com/security/advisories?name=MDKSA-2006:099
http://www.redhat.com/support/errata/RHSA-2006-0500.html
http://www.securityfocus.com/archive/1/436836/100/0/threaded
http://www.securityfocus.com/bid/18329
http://www.vupen.com/english/advisories/2007/0381
1618110 https://bugzilla.redhat.com/show_bug.cgi?id=1618110
cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
CVE-2006-2661 https://nvd.nist.gov/vuln/detail/CVE-2006-2661
CVE-2006-2661;OSVDB-26033 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/27993.txt
CVE-2006-2661;OSVDB-26033 Exploit https://www.securityfocus.com/bid/18329/info
RHSA-2006:0500 https://access.redhat.com/errata/RHSA-2006:0500
Data source Exploit-DB
Date added June 8, 2006
Description FreeType - '.TTF' File Remote Denial of Service
Ransomware campaign use Known
Source publication date June 8, 2006
Exploit type dos
Platform multiple
Source update date Sept. 17, 2013
Source URL https://www.securityfocus.com/bid/18329/info
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2006-2661

Exploit Prediction Scoring System (EPSS)
Percentile 0.92374
EPSS Score 0.04514
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.