Vulnerability Details: CVE-2006-3740
Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2006-3740
- cpe:2.3:a:xfree86_project:xfree86_x:*:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x.org:6.8.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3740
- 0.07%: Probability of exploitation activity in the next 30 days
- ~ 22 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-3740
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
References for CVE-2006-3740
- http://www.vupen.com/english/advisories/2007/0322
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411
  Patch; Vendor Advisory
- http://secunia.com/advisories/22141
- http://www.securityfocus.com/archive/1/464268/100/0/threaded
- http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html
- https://issues.rpath.com/browse/RPL-614
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9454
- http://secunia.com/advisories/24636
- http://secunia.com/advisories/23033
- http://secunia.com/advisories/22332
- http://www.securityfocus.com/bid/19974
- http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm
  ASA-2006-191 (RHSA-2006-0666)
- http://www.securityfocus.com/archive/1/445812/100/0/threaded
- http://secunia.com/advisories/21908
- http://security.gentoo.org/glsa/glsa-200609-07.xml
  LibXfont, monolithic X.org: Multiple integer overflows (GLSA 200609-07) — Gentoo security
- http://www.redhat.com/support/errata/RHSA-2006-0666.html
  Patch; Vendor Advisory
- http://www.vupen.com/english/advisories/2006/3582
- http://secunia.com/advisories/21890
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:164
  Mandriva
- http://secunia.com/advisories/21864
- http://secunia.com/advisories/23907
- http://secunia.com/advisories/21900
- http://www.novell.com/linux/security/advisories/2006_23_sr.html
  Security - Support | SUSE
- http://www.redhat.com/support/errata/RHSA-2006-0665.html
  Patch; Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1
- http://www.ubuntu.com/usn/usn-344-1
  USN-344-1: X.org vulnerabilities | Ubuntu security notices | Ubuntu
- http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm
  ASA-2006-190 (RHSA-2006-0665)
- http://www.vupen.com/english/advisories/2006/3581
- http://secunia.com/advisories/21894
- http://www.vupen.com/english/advisories/2007/1171
- http://secunia.com/advisories/22080
- http://secunia.com/advisories/23899
- http://secunia.com/advisories/22560
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28890
  X.Org Server scan_cidfont() integer overflow CVE-2006-3740 Vulnerability Report
- http://www.debian.org/security/2006/dsa-1193
  [SECURITY] [DSA 1193-1] New XFree86 packages fix several vulnerabilities
- http://secunia.com/advisories/21889
- http://secunia.com/advisories/21924
- http://securitytracker.com/id?1016828
- http://secunia.com/advisories/21904