ID CVE-2006-2661
Summary ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.
References
Vulnerable Configurations
  • FreeType 2.0.9
    cpe:2.3:a:freetype:freetype:2.0.9
  • FreeType 2.1
    cpe:2.3:a:freetype:freetype:2.1
  • FreeType 2.1.3
    cpe:2.3:a:freetype:freetype:2.1.3
  • FreeType 2.1.4
    cpe:2.3:a:freetype:freetype:2.1.4
  • FreeType 2.1.5
    cpe:2.3:a:freetype:freetype:2.1.5
  • FreeType 2.1.6
    cpe:2.3:a:freetype:freetype:2.1.6
  • FreeType 2.1.7
    cpe:2.3:a:freetype:freetype:2.1.7
  • FreeType 2.1.8
    cpe:2.3:a:freetype:freetype:2.1.8
  • FreeType 2.1.8 rc1
    cpe:2.3:a:freetype:freetype:2.1.8_rc1
  • FreeType 2.1.9
    cpe:2.3:a:freetype:freetype:2.1.9
  • FreeType 2.1.10
    cpe:2.3:a:freetype:freetype:2.1.10
CVSS
Base: 5.0 (as of 30-05-2006 - 15:19)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
exploit-db via4
description FreeType TTF File Remote Denial of Service Vulnerability. CVE-2006-2661. Dos exploits for multiple platform
id EDB-ID:27993
last seen 2016-02-03
modified 2006-06-08
published 2006-06-08
reporter Josh Bressers
source https://www.exploit-db.com/download/27993/
title FreeType TTF File Remote Denial of Service Vulnerability
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0500.NASL
    description Updated freetype packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, and portable font engine. Chris Evans discovered several integer underflow and overflow flaws in the FreeType font engine. If a user loads a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code as the user. While it is uncommon for a user to explicitly load a font file, there are several application file formats which contain embedded fonts that are parsed by FreeType. (CVE-2006-0747, CVE-2006-1861, CVE-2006-3467) A NULL pointer dereference flaw was found in the FreeType font engine. An application linked against FreeType can crash upon loading a malformed font file. (CVE-2006-2661) Users of FreeType should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22064
    published 2006-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22064
    title CentOS 3 / 4 : freetype (CESA-2006:0500)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0500.NASL
    description Updated freetype packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, and portable font engine. Chris Evans discovered several integer underflow and overflow flaws in the FreeType font engine. If a user loads a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code as the user. While it is uncommon for a user to explicitly load a font file, there are several application file formats which contain embedded fonts that are parsed by FreeType. (CVE-2006-0747, CVE-2006-1861, CVE-2006-3467) A NULL pointer dereference flaw was found in the FreeType font engine. An application linked against FreeType can crash upon loading a malformed font file. (CVE-2006-2661) Users of FreeType should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22068
    published 2006-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22068
    title RHEL 2.1 / 3 / 4 : freetype (RHSA-2006:0500)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FREETYPE2-1608.NASL
    description Fixes for: CVE-2006-0747, CVE-2006-1054, CVE-2006-1861, CVE-2006-2493, CVE-2006-2661. This patch fixes a few integer overflows in freetype 2. Without this patch it is possible to create font files which make freetype 2 crash.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27224
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27224
    title openSUSE 10 Security Update : freetype2 (freetype2-1608)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-291-1.NASL
    description Several integer overflows have been discovered in the FreeType library. By tricking a user into installing and/or opening a specially crafted font file, these could be exploited to execute arbitrary code with the privileges of that user. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27863
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27863
    title Ubuntu 5.04 / 5.10 / 6.06 LTS : freetype vulnerabilities (USN-291-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-099.NASL
    description Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. (CVE-2006-0747) Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. (CVE-2006-1861) Ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. (CVE-2006-2661) In addition, a patch is applied to 2.1.10 in Mandriva 2006 to fix a serious bug in ttkern.c that caused some programs to go into an infinite loop when dealing with fonts that don't have a properly sorted kerning sub-table. This patch is not applicable to the earlier Mandriva releases. Update : The previous update introduced some issues with other applications and libraries linked to libfreetype, that were missed in testing for the vulnerability issues. The new packages correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 21715
    published 2006-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21715
    title Mandrake Linux Security Advisory : freetype2 (MDKSA-2006:099-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1095.NASL
    description Several problems have been discovered in the FreeType 2 font engine. The Common vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0747 Several integer underflows have been discovered which could allow remote attackers to cause a denial of service. - CVE-2006-1861 Chris Evans discovered several integer overflows that lead to a denial of service or could possibly even lead to the execution of arbitrary code. - CVE-2006-2493 Several more integer overflows have been discovered which could possibly lead to the execution of arbitrary code. - CVE-2006-2661 A NULL pointer dereference could cause a denial of service.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22637
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22637
    title Debian DSA-1095-1 : freetype - integer overflows
oval via4
accepted 2013-04-29T04:15:22.215-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.
family unix
id oval:org.mitre.oval:def:11692
status accepted
submitted 2010-07-09T03:56:16-04:00
title ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.
version 23
redhat via4
advisories
rhsa
id RHSA-2006:0500
refmap via4
bid 18329
bugtraq 20060612 rPSA-2006-0100-1 freetype
confirm
debian DSA-1095
mandriva MDKSA-2006:099
misc https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183676
sectrack 1016520
secunia
  • 20525
  • 20591
  • 20638
  • 20791
  • 21062
  • 21135
  • 21385
  • 21701
  • 23939
sgi 20060701-01-U
sunalert 102705
suse SUSE-SA:2006:037
ubuntu USN-291-1
vupen ADV-2007-0381
Last major update 07-03-2011 - 21:36
Published 30-05-2006 - 15:02
Last modified 18-10-2018 - 12:41