Vulnerability-Lookup

CVE-2006-1861 (GCVE-0-2006-1861)

Vulnerability from cvelistv5 – Published: 2006-05-23 10:00 – Updated: 2024-08-07 17:27

Summary

Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.

Severity

No CVSS data available.

CWE

Assigner

redhat

References

48 references

URL	Tags
http://lists.suse.com/archive/suse-security-annou…	vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/20791	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27271	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/33937	third-party-advisoryx_refsource_SECUNIA
http://sourceforge.net/project/shownotes.php?rele…	x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
http://secunia.com/advisories/21000	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/20525	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/21701	third-party-advisoryx_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200607-02.xml	vendor-advisoryx_refsource_GENTOO
http://support.apple.com/kb/HT3438	x_refsource_CONFIRM
http://secunia.com/advisories/27162	third-party-advisoryx_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
https://usn.ubuntu.com/291-1/	vendor-advisoryx_refsource_UBUNTU
http://secunia.com/advisories/21385	third-party-advisoryx_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
http://www.redhat.com/support/errata/RHSA-2009-10…	vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/archive/1/436836/100…	mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/18034	vdb-entryx_refsource_BID
http://secunia.com/advisories/21135	third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.redhat.com/support/errata/RHSA-2006-05…	vendor-advisoryx_refsource_REDHAT
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/23939	third-party-advisoryx_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=502565	x_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
https://bugzilla.redhat.com/bugzilla/attachment.c…	x_refsource_CONFIRM
http://secunia.com/advisories/20591	third-party-advisoryx_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/27167	third-party-advisoryx_refsource_SECUNIA
https://bugzilla.redhat.com/bugzilla/show_bug.cgi…	x_refsource_CONFIRM
http://secunia.com/advisories/20638	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/20100	third-party-advisoryx_refsource_SECUNIA
http://securitytracker.com/id?1016522	vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/35233	third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/0381	vdb-entryx_refsource_VUPEN
https://issues.rpath.com/browse/RPL-429	x_refsource_CONFIRM
ftp://patches.sgi.com/support/free/security/advis…	vendor-advisoryx_refsource_SGI
http://www.gentoo.org/security/en/glsa/glsa-20071…	vendor-advisoryx_refsource_GENTOO
http://secunia.com/advisories/35200	third-party-advisoryx_refsource_SECUNIA
https://bugzilla.redhat.com/bugzilla/show_bug.cgi…	x_refsource_CONFIRM
http://secunia.com/advisories/21062	third-party-advisoryx_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2009-03…	vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/35204	third-party-advisoryx_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://www.debian.org/security/2006/dsa-1095	vendor-advisoryx_refsource_DEBIAN
http://www.vupen.com/english/advisories/2006/1868	vdb-entryx_refsource_VUPEN

Date Public

2006-05-15 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:27:29.390Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SA:2006:037",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html"
          },
          {
            "name": "20791",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20791"
          },
          {
            "name": "27271",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27271"
          },
          {
            "name": "33937",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33937"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=416463"
          },
          {
            "name": "102705",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1"
          },
          {
            "name": "21000",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21000"
          },
          {
            "name": "20525",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20525"
          },
          {
            "name": "21701",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21701"
          },
          {
            "name": "GLSA-200607-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200607-02.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3438"
          },
          {
            "name": "27162",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27162"
          },
          {
            "name": "FEDORA-2009-5644",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html"
          },
          {
            "name": "APPLE-SA-2009-02-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
          },
          {
            "name": "USN-291-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/291-1/"
          },
          {
            "name": "21385",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21385"
          },
          {
            "name": "FEDORA-2009-5558",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html"
          },
          {
            "name": "RHSA-2009:1062",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1062.html"
          },
          {
            "name": "20060612 rPSA-2006-0100-1 freetype",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/436836/100/0/threaded"
          },
          {
            "name": "18034",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18034"
          },
          {
            "name": "21135",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21135"
          },
          {
            "name": "freetype-lwfn-overflow(26553)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26553"
          },
          {
            "name": "RHSA-2006:0500",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0500.html"
          },
          {
            "name": "oval:org.mitre.oval:def:9124",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9124"
          },
          {
            "name": "23939",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23939"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=502565"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=128606"
          },
          {
            "name": "20591",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20591"
          },
          {
            "name": "SUSE-SR:2007:021",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html"
          },
          {
            "name": "27167",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27167"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593"
          },
          {
            "name": "20638",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20638"
          },
          {
            "name": "20100",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20100"
          },
          {
            "name": "1016522",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016522"
          },
          {
            "name": "35233",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35233"
          },
          {
            "name": "ADV-2007-0381",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0381"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-429"
          },
          {
            "name": "20060701-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U"
          },
          {
            "name": "GLSA-200710-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-09.xml"
          },
          {
            "name": "35200",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35200"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593#c8"
          },
          {
            "name": "21062",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21062"
          },
          {
            "name": "RHSA-2009:0329",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0329.html"
          },
          {
            "name": "35204",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35204"
          },
          {
            "name": "MDKSA-2006:099",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:099"
          },
          {
            "name": "DSA-1095",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1095"
          },
          {
            "name": "ADV-2006-1868",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1868"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c.  NOTE: item 4 was originally identified by CVE-2006-2493."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SA:2006:037",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html"
        },
        {
          "name": "20791",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20791"
        },
        {
          "name": "27271",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27271"
        },
        {
          "name": "33937",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33937"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=416463"
        },
        {
          "name": "102705",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1"
        },
        {
          "name": "21000",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21000"
        },
        {
          "name": "20525",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20525"
        },
        {
          "name": "21701",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21701"
        },
        {
          "name": "GLSA-200607-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200607-02.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3438"
        },
        {
          "name": "27162",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27162"
        },
        {
          "name": "FEDORA-2009-5644",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html"
        },
        {
          "name": "APPLE-SA-2009-02-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
        },
        {
          "name": "USN-291-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/291-1/"
        },
        {
          "name": "21385",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21385"
        },
        {
          "name": "FEDORA-2009-5558",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html"
        },
        {
          "name": "RHSA-2009:1062",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1062.html"
        },
        {
          "name": "20060612 rPSA-2006-0100-1 freetype",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/436836/100/0/threaded"
        },
        {
          "name": "18034",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18034"
        },
        {
          "name": "21135",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21135"
        },
        {
          "name": "freetype-lwfn-overflow(26553)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26553"
        },
        {
          "name": "RHSA-2006:0500",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0500.html"
        },
        {
          "name": "oval:org.mitre.oval:def:9124",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9124"
        },
        {
          "name": "23939",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23939"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=502565"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=128606"
        },
        {
          "name": "20591",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20591"
        },
        {
          "name": "SUSE-SR:2007:021",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html"
        },
        {
          "name": "27167",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27167"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593"
        },
        {
          "name": "20638",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20638"
        },
        {
          "name": "20100",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20100"
        },
        {
          "name": "1016522",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016522"
        },
        {
          "name": "35233",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35233"
        },
        {
          "name": "ADV-2007-0381",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0381"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-429"
        },
        {
          "name": "20060701-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U"
        },
        {
          "name": "GLSA-200710-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-09.xml"
        },
        {
          "name": "35200",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35200"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593#c8"
        },
        {
          "name": "21062",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21062"
        },
        {
          "name": "RHSA-2009:0329",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0329.html"
        },
        {
          "name": "35204",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35204"
        },
        {
          "name": "MDKSA-2006:099",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:099"
        },
        {
          "name": "DSA-1095",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1095"
        },
        {
          "name": "ADV-2006-1868",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1868"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-1861",
    "datePublished": "2006-05-23T10:00:00.000Z",
    "dateReserved": "2006-04-19T00:00:00.000Z",
    "dateUpdated": "2024-08-07T17:27:29.390Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2006-1861",
      "date": "2026-06-02",
      "epss": "0.08522",
      "percentile": "0.92519"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"28CA4C7D-D70A-44CF-8E3D-F2612CCA0799\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"369D87D8-E4A7-4EC4-B508-2940EE174F95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"288FDB59-7FE4-4351-8822-554ADF07C79A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B681257A-F8D8-46D5-995D-BC44F54DD5C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56E0DEB6-4414-49AB-88E9-988CE5D8EF67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56A90D08-2CAF-422F-8587-7D88EC7632A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B944FEB-F69D-4F6C-9485-26F95A5874B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F73474B9-6853-4C5C-9CB9-5F4D3080D1C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5283E910-D512-481C-804E-8717A83B24CB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c.  NOTE: item 4 was originally identified by CVE-2006-2493.\"}]",
      "id": "CVE-2006-1861",
      "lastModified": "2024-11-21T00:09:56.640",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-05-23T10:06:00.000",
      "references": "[{\"url\": \"ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/20100\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20525\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20591\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20638\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20791\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21000\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21062\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21135\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21385\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21701\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/23939\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27162\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27167\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27271\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/33937\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35200\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35204\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35233\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200607-02.xml\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://securitytracker.com/id?1016522\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://sourceforge.net/project/shownotes.php?release_id=416463\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://support.apple.com/kb/HT3438\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1095\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200710-09.xml\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2006:099\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2006-0500.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-0329.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-1062.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/436836/100/0/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/18034\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1868\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0381\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=128606\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593#c8\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=502565\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/26553\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://issues.rpath.com/browse/RPL-429\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9124\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://usn.ubuntu.com/291-1/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/20100\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20525\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20591\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20638\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20791\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21000\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21062\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21135\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21385\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21701\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/23939\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27162\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27167\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27271\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/33937\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35200\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35204\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35233\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200607-02.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1016522\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sourceforge.net/project/shownotes.php?release_id=416463\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT3438\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1095\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200710-09.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2006:099\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2006-0500.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-0329.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-1062.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/436836/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/18034\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1868\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0381\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=128606\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593#c8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=502565\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/26553\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://issues.rpath.com/browse/RPL-429\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9124\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/291-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-189\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-1861\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2006-05-23T10:06:00.000\",\"lastModified\":\"2026-04-16T00:27:16.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c.  NOTE: item 4 was originally identified by CVE-2006-2493.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28CA4C7D-D70A-44CF-8E3D-F2612CCA0799\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"369D87D8-E4A7-4EC4-B508-2940EE174F95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"288FDB59-7FE4-4351-8822-554ADF07C79A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B681257A-F8D8-46D5-995D-BC44F54DD5C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56E0DEB6-4414-49AB-88E9-988CE5D8EF67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56A90D08-2CAF-422F-8587-7D88EC7632A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B944FEB-F69D-4F6C-9485-26F95A5874B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F73474B9-6853-4C5C-9CB9-5F4D3080D1C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5283E910-D512-481C-804E-8717A83B24CB\"}]}]}],\"references\":[{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/20100\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20525\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20591\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20638\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20791\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21000\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21062\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21135\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21385\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21701\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/23939\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27162\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27167\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27271\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33937\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35200\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35204\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35233\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200607-02.xml\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securitytracker.com/id?1016522\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=416463\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.apple.com/kb/HT3438\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1095\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200710-09.xml\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:099\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0500.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0329.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1062.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/436836/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/18034\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1868\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0381\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=128606\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593#c8\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=502565\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26553\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://issues.rpath.com/browse/RPL-429\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9124\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://usn.ubuntu.com/291-1/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/20100\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20525\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20591\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20638\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20791\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21000\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21135\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21385\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21701\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/23939\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27162\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27167\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27271\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33937\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35200\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35204\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35233\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200607-02.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=416463\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3438\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1095\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200710-09.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:099\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0500.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0329.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1062.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/436836/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/18034\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1868\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0381\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=128606\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593#c8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=502565\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26553\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.rpath.com/browse/RPL-429\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9124\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/291-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

RHSA-2009_1062

Vulnerability from csaf_redhat - Published: 2009-05-22 12:06 - Updated: 2024-11-22 02:41

Summary

Red Hat Security Advisory: freetype security update

Severity

Important

Notes

Topic: Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team.

Details: FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines. Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946) Chris Evans discovered multiple integer overflow flaws in the FreeType font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2006-1861) An integer overflow flaw was found in the way the FreeType font engine processed TrueType® Font (TTF) files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2007-2754) Note: For the FreeType 2 font engine, the CVE-2006-1861 and CVE-2007-2754 flaws were addressed via RHSA-2006:0500 and RHSA-2007:0403 respectively. This update provides corresponding updates for the FreeType 1 font engine, included in the freetype packages distributed in Red Hat Enterprise Linux 2.1. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2006-1861

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 28 products

Product	Version	Remediation
Unresolved product id: 2.1AS:freetype-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1AS:freetype-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1AS:freetype-0:2.0.3-17.el21.src	—	Vendor Fix fix
Unresolved product id: 2.1AS:freetype-devel-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1AS:freetype-devel-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1AS:freetype-utils-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1AS:freetype-utils-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-0:2.0.3-17.el21.src	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-devel-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-devel-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-utils-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-utils-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-0:2.0.3-17.el21.src	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-devel-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-devel-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-utils-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-utils-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-0:2.0.3-17.el21.src	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-devel-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-devel-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-utils-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-utils-0:2.0.3-17.el21.ia64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2007-2754

Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 28 products

Product	Version	Remediation
Unresolved product id: 2.1AS:freetype-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1AS:freetype-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1AS:freetype-0:2.0.3-17.el21.src	—	Vendor Fix fix
Unresolved product id: 2.1AS:freetype-devel-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1AS:freetype-devel-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1AS:freetype-utils-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1AS:freetype-utils-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-0:2.0.3-17.el21.src	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-devel-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-devel-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-utils-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-utils-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-0:2.0.3-17.el21.src	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-devel-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-devel-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-utils-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-utils-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-0:2.0.3-17.el21.src	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-devel-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-devel-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-utils-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-utils-0:2.0.3-17.el21.ia64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2009-0946

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

6.8 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 28 products

Product	Version	Remediation
Unresolved product id: 2.1AS:freetype-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1AS:freetype-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1AS:freetype-0:2.0.3-17.el21.src	—	Vendor Fix fix
Unresolved product id: 2.1AS:freetype-devel-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1AS:freetype-devel-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1AS:freetype-utils-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1AS:freetype-utils-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-0:2.0.3-17.el21.src	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-devel-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-devel-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-utils-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1AW:freetype-utils-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-0:2.0.3-17.el21.src	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-devel-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-devel-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-utils-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1ES:freetype-utils-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-0:2.0.3-17.el21.src	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-devel-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-devel-0:2.0.3-17.el21.ia64	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-utils-0:2.0.3-17.el21.i386	—	Vendor Fix fix
Unresolved product id: 2.1WS:freetype-utils-0:2.0.3-17.el21.ia64	—	Vendor Fix fix

Threats

Impact Important

References

18 references

URL	Category
https://access.redhat.com/errata/RHSA-2009:1062	self
http://www.redhat.com/security/updates/classifica…	external
https://bugzilla.redhat.com/show_bug.cgi?id=240200	external
https://bugzilla.redhat.com/show_bug.cgi?id=484437	external
https://bugzilla.redhat.com/show_bug.cgi?id=491384	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2006-1861	self
https://bugzilla.redhat.com/show_bug.cgi?id=484437	external
https://www.cve.org/CVERecord?id=CVE-2006-1861	external
https://nvd.nist.gov/vuln/detail/CVE-2006-1861	external
https://access.redhat.com/security/cve/CVE-2007-2754	self
https://bugzilla.redhat.com/show_bug.cgi?id=240200	external
https://www.cve.org/CVERecord?id=CVE-2007-2754	external
https://nvd.nist.gov/vuln/detail/CVE-2007-2754	external
https://access.redhat.com/security/cve/CVE-2009-0946	self
https://bugzilla.redhat.com/show_bug.cgi?id=491384	external
https://www.cve.org/CVERecord?id=CVE-2009-0946	external
https://nvd.nist.gov/vuln/detail/CVE-2009-0946	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide both the FreeType 1 and FreeType 2\nfont engines.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861 and CVE-2007-2754\nflaws were addressed via RHSA-2006:0500 and RHSA-2007:0403 respectively.\nThis update provides corresponding updates for the FreeType 1 font engine,\nincluded in the freetype packages distributed in Red Hat Enterprise Linux\n2.1.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1062",
        "url": "https://access.redhat.com/errata/RHSA-2009:1062"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#important",
        "url": "http://www.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "240200",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240200"
      },
      {
        "category": "external",
        "summary": "484437",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=484437"
      },
      {
        "category": "external",
        "summary": "491384",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491384"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1062.json"
      }
    ],
    "title": "Red Hat Security Advisory: freetype security update",
    "tracking": {
      "current_release_date": "2024-11-22T02:41:42+00:00",
      "generator": {
        "date": "2024-11-22T02:41:42+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2009:1062",
      "initial_release_date": "2009-05-22T12:06:00+00:00",
      "revision_history": [
        {
          "date": "2009-05-22T12:06:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-05-22T08:06:25+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T02:41:42+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "2.1AS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "2.1AW",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "2.1ES",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "2.1WS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freetype-utils-0:2.0.3-17.el21.ia64",
                "product": {
                  "name": "freetype-utils-0:2.0.3-17.el21.ia64",
                  "product_id": "freetype-utils-0:2.0.3-17.el21.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freetype-utils@2.0.3-17.el21?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freetype-devel-0:2.0.3-17.el21.ia64",
                "product": {
                  "name": "freetype-devel-0:2.0.3-17.el21.ia64",
                  "product_id": "freetype-devel-0:2.0.3-17.el21.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freetype-devel@2.0.3-17.el21?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freetype-0:2.0.3-17.el21.ia64",
                "product": {
                  "name": "freetype-0:2.0.3-17.el21.ia64",
                  "product_id": "freetype-0:2.0.3-17.el21.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freetype@2.0.3-17.el21?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freetype-0:2.0.3-17.el21.src",
                "product": {
                  "name": "freetype-0:2.0.3-17.el21.src",
                  "product_id": "freetype-0:2.0.3-17.el21.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freetype@2.0.3-17.el21?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freetype-utils-0:2.0.3-17.el21.i386",
                "product": {
                  "name": "freetype-utils-0:2.0.3-17.el21.i386",
                  "product_id": "freetype-utils-0:2.0.3-17.el21.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freetype-utils@2.0.3-17.el21?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freetype-devel-0:2.0.3-17.el21.i386",
                "product": {
                  "name": "freetype-devel-0:2.0.3-17.el21.i386",
                  "product_id": "freetype-devel-0:2.0.3-17.el21.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freetype-devel@2.0.3-17.el21?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freetype-0:2.0.3-17.el21.i386",
                "product": {
                  "name": "freetype-0:2.0.3-17.el21.i386",
                  "product_id": "freetype-0:2.0.3-17.el21.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freetype@2.0.3-17.el21?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-0:2.0.3-17.el21.i386 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:freetype-0:2.0.3-17.el21.i386"
        },
        "product_reference": "freetype-0:2.0.3-17.el21.i386",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-0:2.0.3-17.el21.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:freetype-0:2.0.3-17.el21.ia64"
        },
        "product_reference": "freetype-0:2.0.3-17.el21.ia64",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-0:2.0.3-17.el21.src as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:freetype-0:2.0.3-17.el21.src"
        },
        "product_reference": "freetype-0:2.0.3-17.el21.src",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-devel-0:2.0.3-17.el21.i386 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:freetype-devel-0:2.0.3-17.el21.i386"
        },
        "product_reference": "freetype-devel-0:2.0.3-17.el21.i386",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-devel-0:2.0.3-17.el21.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:freetype-devel-0:2.0.3-17.el21.ia64"
        },
        "product_reference": "freetype-devel-0:2.0.3-17.el21.ia64",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-utils-0:2.0.3-17.el21.i386 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:freetype-utils-0:2.0.3-17.el21.i386"
        },
        "product_reference": "freetype-utils-0:2.0.3-17.el21.i386",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-utils-0:2.0.3-17.el21.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "product_id": "2.1AS:freetype-utils-0:2.0.3-17.el21.ia64"
        },
        "product_reference": "freetype-utils-0:2.0.3-17.el21.ia64",
        "relates_to_product_reference": "2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-0:2.0.3-17.el21.i386 as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:freetype-0:2.0.3-17.el21.i386"
        },
        "product_reference": "freetype-0:2.0.3-17.el21.i386",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-0:2.0.3-17.el21.ia64 as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:freetype-0:2.0.3-17.el21.ia64"
        },
        "product_reference": "freetype-0:2.0.3-17.el21.ia64",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-0:2.0.3-17.el21.src as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:freetype-0:2.0.3-17.el21.src"
        },
        "product_reference": "freetype-0:2.0.3-17.el21.src",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-devel-0:2.0.3-17.el21.i386 as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:freetype-devel-0:2.0.3-17.el21.i386"
        },
        "product_reference": "freetype-devel-0:2.0.3-17.el21.i386",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-devel-0:2.0.3-17.el21.ia64 as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:freetype-devel-0:2.0.3-17.el21.ia64"
        },
        "product_reference": "freetype-devel-0:2.0.3-17.el21.ia64",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-utils-0:2.0.3-17.el21.i386 as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:freetype-utils-0:2.0.3-17.el21.i386"
        },
        "product_reference": "freetype-utils-0:2.0.3-17.el21.i386",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-utils-0:2.0.3-17.el21.ia64 as a component of Red Hat Linux Advanced Workstation 2.1",
          "product_id": "2.1AW:freetype-utils-0:2.0.3-17.el21.ia64"
        },
        "product_reference": "freetype-utils-0:2.0.3-17.el21.ia64",
        "relates_to_product_reference": "2.1AW"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-0:2.0.3-17.el21.i386 as a component of Red Hat Enterprise Linux ES version 2.1",
          "product_id": "2.1ES:freetype-0:2.0.3-17.el21.i386"
        },
        "product_reference": "freetype-0:2.0.3-17.el21.i386",
        "relates_to_product_reference": "2.1ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-0:2.0.3-17.el21.ia64 as a component of Red Hat Enterprise Linux ES version 2.1",
          "product_id": "2.1ES:freetype-0:2.0.3-17.el21.ia64"
        },
        "product_reference": "freetype-0:2.0.3-17.el21.ia64",
        "relates_to_product_reference": "2.1ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-0:2.0.3-17.el21.src as a component of Red Hat Enterprise Linux ES version 2.1",
          "product_id": "2.1ES:freetype-0:2.0.3-17.el21.src"
        },
        "product_reference": "freetype-0:2.0.3-17.el21.src",
        "relates_to_product_reference": "2.1ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-devel-0:2.0.3-17.el21.i386 as a component of Red Hat Enterprise Linux ES version 2.1",
          "product_id": "2.1ES:freetype-devel-0:2.0.3-17.el21.i386"
        },
        "product_reference": "freetype-devel-0:2.0.3-17.el21.i386",
        "relates_to_product_reference": "2.1ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-devel-0:2.0.3-17.el21.ia64 as a component of Red Hat Enterprise Linux ES version 2.1",
          "product_id": "2.1ES:freetype-devel-0:2.0.3-17.el21.ia64"
        },
        "product_reference": "freetype-devel-0:2.0.3-17.el21.ia64",
        "relates_to_product_reference": "2.1ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-utils-0:2.0.3-17.el21.i386 as a component of Red Hat Enterprise Linux ES version 2.1",
          "product_id": "2.1ES:freetype-utils-0:2.0.3-17.el21.i386"
        },
        "product_reference": "freetype-utils-0:2.0.3-17.el21.i386",
        "relates_to_product_reference": "2.1ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-utils-0:2.0.3-17.el21.ia64 as a component of Red Hat Enterprise Linux ES version 2.1",
          "product_id": "2.1ES:freetype-utils-0:2.0.3-17.el21.ia64"
        },
        "product_reference": "freetype-utils-0:2.0.3-17.el21.ia64",
        "relates_to_product_reference": "2.1ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-0:2.0.3-17.el21.i386 as a component of Red Hat Enterprise Linux WS version 2.1",
          "product_id": "2.1WS:freetype-0:2.0.3-17.el21.i386"
        },
        "product_reference": "freetype-0:2.0.3-17.el21.i386",
        "relates_to_product_reference": "2.1WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-0:2.0.3-17.el21.ia64 as a component of Red Hat Enterprise Linux WS version 2.1",
          "product_id": "2.1WS:freetype-0:2.0.3-17.el21.ia64"
        },
        "product_reference": "freetype-0:2.0.3-17.el21.ia64",
        "relates_to_product_reference": "2.1WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-0:2.0.3-17.el21.src as a component of Red Hat Enterprise Linux WS version 2.1",
          "product_id": "2.1WS:freetype-0:2.0.3-17.el21.src"
        },
        "product_reference": "freetype-0:2.0.3-17.el21.src",
        "relates_to_product_reference": "2.1WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-devel-0:2.0.3-17.el21.i386 as a component of Red Hat Enterprise Linux WS version 2.1",
          "product_id": "2.1WS:freetype-devel-0:2.0.3-17.el21.i386"
        },
        "product_reference": "freetype-devel-0:2.0.3-17.el21.i386",
        "relates_to_product_reference": "2.1WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-devel-0:2.0.3-17.el21.ia64 as a component of Red Hat Enterprise Linux WS version 2.1",
          "product_id": "2.1WS:freetype-devel-0:2.0.3-17.el21.ia64"
        },
        "product_reference": "freetype-devel-0:2.0.3-17.el21.ia64",
        "relates_to_product_reference": "2.1WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-utils-0:2.0.3-17.el21.i386 as a component of Red Hat Enterprise Linux WS version 2.1",
          "product_id": "2.1WS:freetype-utils-0:2.0.3-17.el21.i386"
        },
        "product_reference": "freetype-utils-0:2.0.3-17.el21.i386",
        "relates_to_product_reference": "2.1WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freetype-utils-0:2.0.3-17.el21.ia64 as a component of Red Hat Enterprise Linux WS version 2.1",
          "product_id": "2.1WS:freetype-utils-0:2.0.3-17.el21.ia64"
        },
        "product_reference": "freetype-utils-0:2.0.3-17.el21.ia64",
        "relates_to_product_reference": "2.1WS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-1861",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2006-03-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "484437"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c.  NOTE: item 4 was originally identified by CVE-2006-2493.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "freetype: multiple integer overflow vulnerabilities",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "2.1AS:freetype-0:2.0.3-17.el21.i386",
          "2.1AS:freetype-0:2.0.3-17.el21.ia64",
          "2.1AS:freetype-0:2.0.3-17.el21.src",
          "2.1AS:freetype-devel-0:2.0.3-17.el21.i386",
          "2.1AS:freetype-devel-0:2.0.3-17.el21.ia64",
          "2.1AS:freetype-utils-0:2.0.3-17.el21.i386",
          "2.1AS:freetype-utils-0:2.0.3-17.el21.ia64",
          "2.1AW:freetype-0:2.0.3-17.el21.i386",
          "2.1AW:freetype-0:2.0.3-17.el21.ia64",
          "2.1AW:freetype-0:2.0.3-17.el21.src",
          "2.1AW:freetype-devel-0:2.0.3-17.el21.i386",
          "2.1AW:freetype-devel-0:2.0.3-17.el21.ia64",
          "2.1AW:freetype-utils-0:2.0.3-17.el21.i386",
          "2.1AW:freetype-utils-0:2.0.3-17.el21.ia64",
          "2.1ES:freetype-0:2.0.3-17.el21.i386",
          "2.1ES:freetype-0:2.0.3-17.el21.ia64",
          "2.1ES:freetype-0:2.0.3-17.el21.src",
          "2.1ES:freetype-devel-0:2.0.3-17.el21.i386",
          "2.1ES:freetype-devel-0:2.0.3-17.el21.ia64",
          "2.1ES:freetype-utils-0:2.0.3-17.el21.i386",
          "2.1ES:freetype-utils-0:2.0.3-17.el21.ia64",
          "2.1WS:freetype-0:2.0.3-17.el21.i386",
          "2.1WS:freetype-0:2.0.3-17.el21.ia64",
          "2.1WS:freetype-0:2.0.3-17.el21.src",
          "2.1WS:freetype-devel-0:2.0.3-17.el21.i386",
          "2.1WS:freetype-devel-0:2.0.3-17.el21.ia64",
          "2.1WS:freetype-utils-0:2.0.3-17.el21.i386",
          "2.1WS:freetype-utils-0:2.0.3-17.el21.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-1861"
        },
        {
          "category": "external",
          "summary": "RHBZ#484437",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=484437"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-1861",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-1861"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-1861",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1861"
        }
      ],
      "release_date": "2006-05-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-05-22T12:06:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "2.1AS:freetype-0:2.0.3-17.el21.i386",
            "2.1AS:freetype-0:2.0.3-17.el21.ia64",
            "2.1AS:freetype-0:2.0.3-17.el21.src",
            "2.1AS:freetype-devel-0:2.0.3-17.el21.i386",
            "2.1AS:freetype-devel-0:2.0.3-17.el21.ia64",
            "2.1AS:freetype-utils-0:2.0.3-17.el21.i386",
            "2.1AS:freetype-utils-0:2.0.3-17.el21.ia64",
            "2.1AW:freetype-0:2.0.3-17.el21.i386",
            "2.1AW:freetype-0:2.0.3-17.el21.ia64",
            "2.1AW:freetype-0:2.0.3-17.el21.src",
            "2.1AW:freetype-devel-0:2.0.3-17.el21.i386",
            "2.1AW:freetype-devel-0:2.0.3-17.el21.ia64",
            "2.1AW:freetype-utils-0:2.0.3-17.el21.i386",
            "2.1AW:freetype-utils-0:2.0.3-17.el21.ia64",
            "2.1ES:freetype-0:2.0.3-17.el21.i386",
            "2.1ES:freetype-0:2.0.3-17.el21.ia64",
            "2.1ES:freetype-0:2.0.3-17.el21.src",
            "2.1ES:freetype-devel-0:2.0.3-17.el21.i386",
            "2.1ES:freetype-devel-0:2.0.3-17.el21.ia64",
            "2.1ES:freetype-utils-0:2.0.3-17.el21.i386",
            "2.1ES:freetype-utils-0:2.0.3-17.el21.ia64",
            "2.1WS:freetype-0:2.0.3-17.el21.i386",
            "2.1WS:freetype-0:2.0.3-17.el21.ia64",
            "2.1WS:freetype-0:2.0.3-17.el21.src",
            "2.1WS:freetype-devel-0:2.0.3-17.el21.i386",
            "2.1WS:freetype-devel-0:2.0.3-17.el21.ia64",
            "2.1WS:freetype-utils-0:2.0.3-17.el21.i386",
            "2.1WS:freetype-utils-0:2.0.3-17.el21.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1062"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "freetype: multiple integer overflow vulnerabilities"
    },
    {
      "cve": "CVE-2007-2754",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2007-04-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "240200"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "freetype integer overflow",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "2.1AS:freetype-0:2.0.3-17.el21.i386",
          "2.1AS:freetype-0:2.0.3-17.el21.ia64",
          "2.1AS:freetype-0:2.0.3-17.el21.src",
          "2.1AS:freetype-devel-0:2.0.3-17.el21.i386",
          "2.1AS:freetype-devel-0:2.0.3-17.el21.ia64",
          "2.1AS:freetype-utils-0:2.0.3-17.el21.i386",
          "2.1AS:freetype-utils-0:2.0.3-17.el21.ia64",
          "2.1AW:freetype-0:2.0.3-17.el21.i386",
          "2.1AW:freetype-0:2.0.3-17.el21.ia64",
          "2.1AW:freetype-0:2.0.3-17.el21.src",
          "2.1AW:freetype-devel-0:2.0.3-17.el21.i386",
          "2.1AW:freetype-devel-0:2.0.3-17.el21.ia64",
          "2.1AW:freetype-utils-0:2.0.3-17.el21.i386",
          "2.1AW:freetype-utils-0:2.0.3-17.el21.ia64",
          "2.1ES:freetype-0:2.0.3-17.el21.i386",
          "2.1ES:freetype-0:2.0.3-17.el21.ia64",
          "2.1ES:freetype-0:2.0.3-17.el21.src",
          "2.1ES:freetype-devel-0:2.0.3-17.el21.i386",
          "2.1ES:freetype-devel-0:2.0.3-17.el21.ia64",
          "2.1ES:freetype-utils-0:2.0.3-17.el21.i386",
          "2.1ES:freetype-utils-0:2.0.3-17.el21.ia64",
          "2.1WS:freetype-0:2.0.3-17.el21.i386",
          "2.1WS:freetype-0:2.0.3-17.el21.ia64",
          "2.1WS:freetype-0:2.0.3-17.el21.src",
          "2.1WS:freetype-devel-0:2.0.3-17.el21.i386",
          "2.1WS:freetype-devel-0:2.0.3-17.el21.ia64",
          "2.1WS:freetype-utils-0:2.0.3-17.el21.i386",
          "2.1WS:freetype-utils-0:2.0.3-17.el21.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-2754"
        },
        {
          "category": "external",
          "summary": "RHBZ#240200",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240200"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2754",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-2754"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2754",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2754"
        }
      ],
      "release_date": "2007-04-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-05-22T12:06:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "2.1AS:freetype-0:2.0.3-17.el21.i386",
            "2.1AS:freetype-0:2.0.3-17.el21.ia64",
            "2.1AS:freetype-0:2.0.3-17.el21.src",
            "2.1AS:freetype-devel-0:2.0.3-17.el21.i386",
            "2.1AS:freetype-devel-0:2.0.3-17.el21.ia64",
            "2.1AS:freetype-utils-0:2.0.3-17.el21.i386",
            "2.1AS:freetype-utils-0:2.0.3-17.el21.ia64",
            "2.1AW:freetype-0:2.0.3-17.el21.i386",
            "2.1AW:freetype-0:2.0.3-17.el21.ia64",
            "2.1AW:freetype-0:2.0.3-17.el21.src",
            "2.1AW:freetype-devel-0:2.0.3-17.el21.i386",
            "2.1AW:freetype-devel-0:2.0.3-17.el21.ia64",
            "2.1AW:freetype-utils-0:2.0.3-17.el21.i386",
            "2.1AW:freetype-utils-0:2.0.3-17.el21.ia64",
            "2.1ES:freetype-0:2.0.3-17.el21.i386",
            "2.1ES:freetype-0:2.0.3-17.el21.ia64",
            "2.1ES:freetype-0:2.0.3-17.el21.src",
            "2.1ES:freetype-devel-0:2.0.3-17.el21.i386",
            "2.1ES:freetype-devel-0:2.0.3-17.el21.ia64",
            "2.1ES:freetype-utils-0:2.0.3-17.el21.i386",
            "2.1ES:freetype-utils-0:2.0.3-17.el21.ia64",
            "2.1WS:freetype-0:2.0.3-17.el21.i386",
            "2.1WS:freetype-0:2.0.3-17.el21.ia64",
            "2.1WS:freetype-0:2.0.3-17.el21.src",
            "2.1WS:freetype-devel-0:2.0.3-17.el21.i386",
            "2.1WS:freetype-devel-0:2.0.3-17.el21.ia64",
            "2.1WS:freetype-utils-0:2.0.3-17.el21.i386",
            "2.1WS:freetype-utils-0:2.0.3-17.el21.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1062"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "freetype integer overflow"
    },
    {
      "cve": "CVE-2009-0946",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2009-03-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "491384"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "freetype: multiple integer overflows",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "2.1AS:freetype-0:2.0.3-17.el21.i386",
          "2.1AS:freetype-0:2.0.3-17.el21.ia64",
          "2.1AS:freetype-0:2.0.3-17.el21.src",
          "2.1AS:freetype-devel-0:2.0.3-17.el21.i386",
          "2.1AS:freetype-devel-0:2.0.3-17.el21.ia64",
          "2.1AS:freetype-utils-0:2.0.3-17.el21.i386",
          "2.1AS:freetype-utils-0:2.0.3-17.el21.ia64",
          "2.1AW:freetype-0:2.0.3-17.el21.i386",
          "2.1AW:freetype-0:2.0.3-17.el21.ia64",
          "2.1AW:freetype-0:2.0.3-17.el21.src",
          "2.1AW:freetype-devel-0:2.0.3-17.el21.i386",
          "2.1AW:freetype-devel-0:2.0.3-17.el21.ia64",
          "2.1AW:freetype-utils-0:2.0.3-17.el21.i386",
          "2.1AW:freetype-utils-0:2.0.3-17.el21.ia64",
          "2.1ES:freetype-0:2.0.3-17.el21.i386",
          "2.1ES:freetype-0:2.0.3-17.el21.ia64",
          "2.1ES:freetype-0:2.0.3-17.el21.src",
          "2.1ES:freetype-devel-0:2.0.3-17.el21.i386",
          "2.1ES:freetype-devel-0:2.0.3-17.el21.ia64",
          "2.1ES:freetype-utils-0:2.0.3-17.el21.i386",
          "2.1ES:freetype-utils-0:2.0.3-17.el21.ia64",
          "2.1WS:freetype-0:2.0.3-17.el21.i386",
          "2.1WS:freetype-0:2.0.3-17.el21.ia64",
          "2.1WS:freetype-0:2.0.3-17.el21.src",
          "2.1WS:freetype-devel-0:2.0.3-17.el21.i386",
          "2.1WS:freetype-devel-0:2.0.3-17.el21.ia64",
          "2.1WS:freetype-utils-0:2.0.3-17.el21.i386",
          "2.1WS:freetype-utils-0:2.0.3-17.el21.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0946"
        },
        {
          "category": "external",
          "summary": "RHBZ#491384",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491384"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0946",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0946",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0946"
        }
      ],
      "release_date": "2009-03-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-05-22T12:06:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "2.1AS:freetype-0:2.0.3-17.el21.i386",
            "2.1AS:freetype-0:2.0.3-17.el21.ia64",
            "2.1AS:freetype-0:2.0.3-17.el21.src",
            "2.1AS:freetype-devel-0:2.0.3-17.el21.i386",
            "2.1AS:freetype-devel-0:2.0.3-17.el21.ia64",
            "2.1AS:freetype-utils-0:2.0.3-17.el21.i386",
            "2.1AS:freetype-utils-0:2.0.3-17.el21.ia64",
            "2.1AW:freetype-0:2.0.3-17.el21.i386",
            "2.1AW:freetype-0:2.0.3-17.el21.ia64",
            "2.1AW:freetype-0:2.0.3-17.el21.src",
            "2.1AW:freetype-devel-0:2.0.3-17.el21.i386",
            "2.1AW:freetype-devel-0:2.0.3-17.el21.ia64",
            "2.1AW:freetype-utils-0:2.0.3-17.el21.i386",
            "2.1AW:freetype-utils-0:2.0.3-17.el21.ia64",
            "2.1ES:freetype-0:2.0.3-17.el21.i386",
            "2.1ES:freetype-0:2.0.3-17.el21.ia64",
            "2.1ES:freetype-0:2.0.3-17.el21.src",
            "2.1ES:freetype-devel-0:2.0.3-17.el21.i386",
            "2.1ES:freetype-devel-0:2.0.3-17.el21.ia64",
            "2.1ES:freetype-utils-0:2.0.3-17.el21.i386",
            "2.1ES:freetype-utils-0:2.0.3-17.el21.ia64",
            "2.1WS:freetype-0:2.0.3-17.el21.i386",
            "2.1WS:freetype-0:2.0.3-17.el21.ia64",
            "2.1WS:freetype-0:2.0.3-17.el21.src",
            "2.1WS:freetype-devel-0:2.0.3-17.el21.i386",
            "2.1WS:freetype-devel-0:2.0.3-17.el21.ia64",
            "2.1WS:freetype-utils-0:2.0.3-17.el21.i386",
            "2.1WS:freetype-utils-0:2.0.3-17.el21.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1062"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "2.1AS:freetype-0:2.0.3-17.el21.i386",
            "2.1AS:freetype-0:2.0.3-17.el21.ia64",
            "2.1AS:freetype-0:2.0.3-17.el21.src",
            "2.1AS:freetype-devel-0:2.0.3-17.el21.i386",
            "2.1AS:freetype-devel-0:2.0.3-17.el21.ia64",
            "2.1AS:freetype-utils-0:2.0.3-17.el21.i386",
            "2.1AS:freetype-utils-0:2.0.3-17.el21.ia64",
            "2.1AW:freetype-0:2.0.3-17.el21.i386",
            "2.1AW:freetype-0:2.0.3-17.el21.ia64",
            "2.1AW:freetype-0:2.0.3-17.el21.src",
            "2.1AW:freetype-devel-0:2.0.3-17.el21.i386",
            "2.1AW:freetype-devel-0:2.0.3-17.el21.ia64",
            "2.1AW:freetype-utils-0:2.0.3-17.el21.i386",
            "2.1AW:freetype-utils-0:2.0.3-17.el21.ia64",
            "2.1ES:freetype-0:2.0.3-17.el21.i386",
            "2.1ES:freetype-0:2.0.3-17.el21.ia64",
            "2.1ES:freetype-0:2.0.3-17.el21.src",
            "2.1ES:freetype-devel-0:2.0.3-17.el21.i386",
            "2.1ES:freetype-devel-0:2.0.3-17.el21.ia64",
            "2.1ES:freetype-utils-0:2.0.3-17.el21.i386",
            "2.1ES:freetype-utils-0:2.0.3-17.el21.ia64",
            "2.1WS:freetype-0:2.0.3-17.el21.i386",
            "2.1WS:freetype-0:2.0.3-17.el21.ia64",
            "2.1WS:freetype-0:2.0.3-17.el21.src",
            "2.1WS:freetype-devel-0:2.0.3-17.el21.i386",
            "2.1WS:freetype-devel-0:2.0.3-17.el21.ia64",
            "2.1WS:freetype-utils-0:2.0.3-17.el21.i386",
            "2.1WS:freetype-utils-0:2.0.3-17.el21.ia64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "freetype: multiple integer overflows"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-1861 (GCVE-0-2006-1861)

RHSA-2009_1062

Tags

Sightings

Nomenclature