CVE-2006-1861

Summary

CVE	CVE-2006-1861
State	PUBLISHED
Assigner	redhat
Source Priority	CVE Program / NVD first with legacy fallback
Published	2006-05-23 10:06:00 UTC
Updated	2025-04-03 01:03:51 UTC
Description	Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.

Risk And Classification

Primary CVSS: v2.0 7.5 from [email protected]

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.085220000 probability, percentile 0.923960000 (date 2026-04-20)

Problem Types: CWE-189 | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Freetype	Freetype	2.0.9	All	All	All
Application	Freetype	Freetype	2.1.10	All	All	All
Application	Freetype	Freetype	2.1.3	All	All	All
Application	Freetype	Freetype	2.1.4	All	All	All
Application	Freetype	Freetype	2.1.5	All	All	All
Application	Freetype	Freetype	2.1.6	All	All	All
Application	Freetype	Freetype	2.1.7	All	All	All
Application	Freetype	Freetype	2.1.8	All	All	All
Application	Freetype	Freetype	2.1.9	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
FreeType LWFN Files Buffer Overflow Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Patch
Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com	Vendor Advisory
#102705: Security Vulnerabilities (Integer Overflows and a Denial of Service) in the FreeType 2 Font Engine	af854a3a-2127-422b-91ae-364da2661108	sunsolve.sun.com
[SECURITY] Fedora 10 Update: freetype1-1.4-0.8.pre.fc10	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
SUSE update for freetype2 - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
SUSE Updates for Multiple Packages - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Mandriva update for freetype2 - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Red Hat update for freetype - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
Gentoo update for NX - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Page not found - SourceForge.net	af854a3a-2127-422b-91ae-364da2661108	sourceforge.net	Patch
SuSE Security announcements: [suse-security-announce] SUSE Security Announcement: freetype2 (SUSE-SA:2006:037)	af854a3a-2127-422b-91ae-364da2661108	lists.suse.com
Gentoo Linux Documentation -- FreeType: Multiple integer overflows	af854a3a-2127-422b-91ae-364da2661108	security.gentoo.org
patches.sgi.com/support/free/security/advisories/20060701-01-U	af854a3a-2127-422b-91ae-364da2661108	patches.sgi.com
190593 – CVE-2006-1861 freetype multiple integer overflows (CVE-2006-3467)	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
USN-291-1: FreeType vulnerabilities \| Ubuntu security notices	af854a3a-2127-422b-91ae-364da2661108	usn.ubuntu.com
Red Hat update for freetype - Secunia Advisories - Vulnerability Information - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
bugzilla.redhat.com/bugzilla/attachment.cgi	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
Secunia - Advisories - Ubuntu update for libfreetype6	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Secunia - Advisories - Gentoo update for freetype	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
FreeType Integer Overflow and Underflow Vulnerabilities - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Patch, Vendor Advisory
Gentoo Linux Documentation -- NX 2.1: User-assisted execution of arbitrary code	af854a3a-2127-422b-91ae-364da2661108	www.gentoo.org
Sun Solaris FreeType Integer Overflow and Underflow Vulnerabilities - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
About the security content of Security Update 2009-001	af854a3a-2127-422b-91ae-364da2661108	support.apple.com
[security-announce] SUSE Security Summary Report SUSE-SR:2007:021	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org
Webmail - OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com	Vendor Advisory
Advisories - Mandriva Linux	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com
Red Hat update for freetype - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Debian -- Security Information -- DSA-1095-1 freetype	af854a3a-2127-422b-91ae-364da2661108	www.debian.org
SGI Advanced Linux Environment Multiple Updates - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
APPLE-SA-2009-02-12 Security Update 2009-001	af854a3a-2127-422b-91ae-364da2661108	lists.apple.com
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Webmail - OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com	Vendor Advisory
[#RPL-429] CVE-2006-0747 CVE-2006-1861 CVE-2006-2661 multiple freetype vulnerabilities - rPath JIRA	af854a3a-2127-422b-91ae-364da2661108	issues.rpath.com
Bug 502565 – CVE-2006-1861 CVE-2007-2754 Multiple freetype1 vulnerabilities [Fedora rawhide]	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
ASA-2006-176 (RHSA-2006-0500)	af854a3a-2127-422b-91ae-364da2661108	support.avaya.com
Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com	Vendor Advisory
190593 – CVE-2006-1861 freetype multiple integer overflows (CVE-2006-3467)	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
Secunia - Advisories - rPath update for freetype	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Fedora update for freetype1 - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
SecurityTracker.com Archives - FreeType Integer Overflows Let Remote Users Execute Arbitrary Code	af854a3a-2127-422b-91ae-364da2661108	securitytracker.com
Debian update for freetype - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
[SECURITY] Fedora 11 Update: freetype1-1.4-0.8.pre.fc11	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
NX Server PCF Integer Overflow Vulnerabilities - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Avaya Products FreeType Vulnerabilities - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Red Hat Customer Portal	MITRE	access.redhat.com
Red Hat Customer Portal	MITRE	access.redhat.com
Red Hat Customer Portal	MITRE	access.redhat.com
Red Hat Customer Portal - Access to 24x7 support and knowledge	MITRE	access.redhat.com
484437 – (CVE-2006-1861) CVE-2006-1861 freetype: multiple integer overflow vulnerabilities	MITRE	bugzilla.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.