Vulnerability details: VCID-xq3y-skye-aaac
Vulnerability ID VCID-xq3y-skye-aaac
Aliases CVE-2006-1861
Summary Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2006:0500
rhas Important https://access.redhat.com/errata/RHSA-2009:0329
rhas Important https://access.redhat.com/errata/RHSA-2009:1062
epss 0.06353 https://api.first.org/data/v1/epss?cve=CVE-2006-1861
epss 0.10115 https://api.first.org/data/v1/epss?cve=CVE-2006-1861
epss 0.13716 https://api.first.org/data/v1/epss?cve=CVE-2006-1861
epss 0.14954 https://api.first.org/data/v1/epss?cve=CVE-2006-1861
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=484437
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2006-1861
Reference id Reference type URL
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-1861.json
https://access.redhat.com/security/cve/CVE-2006-1861
https://api.first.org/data/v1/epss?cve=CVE-2006-1861
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=128606
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593#c8
https://bugzilla.redhat.com/show_bug.cgi?id=502565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861
http://secunia.com/advisories/20100
http://secunia.com/advisories/20525
http://secunia.com/advisories/20591
http://secunia.com/advisories/20638
http://secunia.com/advisories/20791
http://secunia.com/advisories/21000
http://secunia.com/advisories/21062
http://secunia.com/advisories/21135
http://secunia.com/advisories/21385
http://secunia.com/advisories/21701
http://secunia.com/advisories/23939
http://secunia.com/advisories/27162
http://secunia.com/advisories/27167
http://secunia.com/advisories/27271
http://secunia.com/advisories/33937
http://secunia.com/advisories/35200
http://secunia.com/advisories/35204
http://secunia.com/advisories/35233
http://security.gentoo.org/glsa/glsa-200607-02.xml
http://securitytracker.com/id?1016522
https://exchange.xforce.ibmcloud.com/vulnerabilities/26553
https://issues.rpath.com/browse/RPL-429
http://sourceforge.net/project/shownotes.php?release_id=416463
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9124
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm
https://usn.ubuntu.com/291-1/
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html
http://www.debian.org/security/2006/dsa-1095
http://www.gentoo.org/security/en/glsa/glsa-200710-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:099
http://www.redhat.com/support/errata/RHSA-2006-0500.html
http://www.redhat.com/support/errata/RHSA-2009-0329.html
http://www.redhat.com/support/errata/RHSA-2009-1062.html
http://www.securityfocus.com/archive/1/436836/100/0/threaded
http://www.securityfocus.com/bid/18034
http://www.vupen.com/english/advisories/2006/1868
http://www.vupen.com/english/advisories/2007/0381
484437 https://bugzilla.redhat.com/show_bug.cgi?id=484437
cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*
CVE-2006-1861 https://nvd.nist.gov/vuln/detail/CVE-2006-1861
GLSA-200607-02 https://security.gentoo.org/glsa/200607-02
GLSA-200710-09 https://security.gentoo.org/glsa/200710-09
GLSA-201006-01 https://security.gentoo.org/glsa/201006-01
RHSA-2006:0500 https://access.redhat.com/errata/RHSA-2006:0500
RHSA-2009:0329 https://access.redhat.com/errata/RHSA-2009:0329
RHSA-2009:1062 https://access.redhat.com/errata/RHSA-2009:1062
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2006-1861
Access Vector (AV) network
Access Complexity (AC) low
Authentication (Au) none
Confidentiality Impact (C) partial
Integrity Impact (I) partial
Availability Impact (A) partial
Exploit Prediction Scoring System (EPSS)
Percentile 0.90058
EPSS Score 0.06353
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.