Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2006-3740

Published: 13/09/2006 Updated: 17/10/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to X.org

Vulnerability Summary

Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections.

Vulnerable Product Search on Vulmon Subscribe to Product

x.org x.org 6.8.2

xfree86 project xfree86 x

Vendor Advisories

Ubuntu Security Notice: libxfont, xorg vulnerabilities
iDefense security researchers found several integer overflows in Xorg’s font handling library By using a specially crafted Type1 CID font file, a local user could exploit these to crash the X server or execute arbitrary code with root privileges ...
Debian Security Advisories: DSA-1193-1 xfree86 -- several vulnerabilities
Several vulnerabilities have been discovered in the X Window System, which may lead to the execution of arbitrary code or denial of service The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-3467 Chris Evan discovered an integer overflow in the code to handle PCF fonts, which might lead to denial ...

References

NVD-CWE-Otherhttp://www.idefense.com/intelligence/vulnerabilities/display.php?id=411http://www.redhat.com/support/errata/RHSA-2006-0665.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0666.htmlhttp://security.gentoo.org/glsa/glsa-200609-07.xmlhttp://www.ubuntu.com/usn/usn-344-1http://www.securityfocus.com/bid/19974http://secunia.com/advisories/21864http://secunia.com/advisories/21889http://secunia.com/advisories/21890http://secunia.com/advisories/21894http://secunia.com/advisories/21900http://secunia.com/advisories/21904http://securitytracker.com/id?1016828http://secunia.com/advisories/21908http://secunia.com/advisories/21924http://www.novell.com/linux/security/advisories/2006_23_sr.htmlhttp://support.avaya.com/elmodocs2/security/ASA-2006-190.htmhttp://secunia.com/advisories/22141http://www.debian.org/security/2006/dsa-1193http://secunia.com/advisories/22332http://support.avaya.com/elmodocs2/security/ASA-2006-191.htmhttp://secunia.com/advisories/22560http://secunia.com/advisories/23033http://secunia.com/advisories/22080https://issues.rpath.com/browse/RPL-614http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1http://secunia.com/advisories/23899http://secunia.com/advisories/23907http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.htmlhttp://secunia.com/advisories/24636http://www.mandriva.com/security/advisories?name=MDKSA-2006:164http://www.vupen.com/english/advisories/2007/0322http://www.vupen.com/english/advisories/2006/3582http://www.vupen.com/english/advisories/2007/1171http://www.vupen.com/english/advisories/2006/3581https://exchange.xforce.ibmcloud.com/vulnerabilities/28890https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9454http://www.securityfocus.com/archive/1/464268/100/0/threadedhttp://www.securityfocus.com/archive/1/445812/100/0/threadedhttps://usn.ubuntu.com/344-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook