Vulnerability Details : CVE-2006-3739
Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.
Vulnerability category: OverflowExecute code
Products affected by CVE-2006-3739
- cpe:2.3:a:xfree86_project:xfree86_x:*:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x.org:6.8.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3739
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 27 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-3739
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
References for CVE-2006-3739
-
http://www.vupen.com/english/advisories/2007/0322
Site en construction
-
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=412
U.S. | Let There Be Change | AccenturePatch;Vendor Advisory
-
http://www.securityfocus.com/archive/1/464268/100/0/threaded
-
http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html
Page not found
-
https://issues.rpath.com/browse/RPL-614
-
http://www.securityfocus.com/bid/19974
-
http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm
ASA-2006-191 (RHSA-2006-0666)
-
http://www.securityfocus.com/archive/1/445812/100/0/threaded
-
http://security.gentoo.org/glsa/glsa-200609-07.xml
LibXfont, monolithic X.org: Multiple integer overflows (GLSA 200609-07) — Gentoo security
-
http://www.redhat.com/support/errata/RHSA-2006-0666.html
SupportPatch;Vendor Advisory
-
http://www.vupen.com/english/advisories/2006/3582
Site en construction
-
http://www.mandriva.com/security/advisories?name=MDKSA-2006:164
Mandriva
-
http://www.novell.com/linux/security/advisories/2006_23_sr.html
Security - Support | SUSE
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102714-1
-
http://www.redhat.com/support/errata/RHSA-2006-0665.html
SupportPatch;Vendor Advisory
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/28899
X.Org Server CIDAFM() integer overflow CVE-2006-3739 Vulnerability Report
-
http://www.ubuntu.com/usn/usn-344-1
USN-344-1: X.org vulnerabilities | Ubuntu security notices | Ubuntu
-
http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm
ASA-2006-190 (RHSA-2006-0665)
-
http://www.vupen.com/english/advisories/2006/3581
Site en construction
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10305
404 Not Found
-
http://www.vupen.com/english/advisories/2007/1171
Site en construction
-
http://www.debian.org/security/2006/dsa-1193
[SECURITY] [DSA 1193-1] New XFree86 packages fix several vulnerabilities
-
http://securitytracker.com/id?1016828
GoDaddy Domain Name Search
Jump to