Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections.
References
Link Providers
http://secunia.com/advisories/21864 cve-icon cve-icon
http://secunia.com/advisories/21889 cve-icon cve-icon
http://secunia.com/advisories/21890 cve-icon cve-icon
http://secunia.com/advisories/21894 cve-icon cve-icon
http://secunia.com/advisories/21900 cve-icon cve-icon
http://secunia.com/advisories/21904 cve-icon cve-icon
http://secunia.com/advisories/21908 cve-icon cve-icon
http://secunia.com/advisories/21924 cve-icon cve-icon
http://secunia.com/advisories/22080 cve-icon cve-icon
http://secunia.com/advisories/22141 cve-icon cve-icon
http://secunia.com/advisories/22332 cve-icon cve-icon
http://secunia.com/advisories/22560 cve-icon cve-icon
http://secunia.com/advisories/23033 cve-icon cve-icon
http://secunia.com/advisories/23899 cve-icon cve-icon
http://secunia.com/advisories/23907 cve-icon cve-icon
http://secunia.com/advisories/24636 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200609-07.xml cve-icon cve-icon
http://securitytracker.com/id?1016828 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1 cve-icon cve-icon
http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm cve-icon cve-icon
http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm cve-icon cve-icon
http://www.debian.org/security/2006/dsa-1193 cve-icon cve-icon
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2006:164 cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2006_23_sr.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2006-0665.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2006-0666.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/445812/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/464268/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/19974 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-344-1 cve-icon cve-icon
http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/3581 cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/3582 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/0322 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/1171 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/28890 cve-icon cve-icon
https://issues.rpath.com/browse/RPL-614 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2006-3740 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9454 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2006-3740 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2006-09-13T01:00:00

Updated: 2024-08-07T18:39:54.017Z

Reserved: 2006-07-20T00:00:00

Link: CVE-2006-3740

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2006-09-13T01:07:00.000

Modified: 2024-11-21T00:14:18.980

Link: CVE-2006-3740

cve-icon Redhat

Severity : Important

Publid Date: 2006-09-12T00:00:00Z

Links: CVE-2006-3740 - Bugzilla