CVE-2006-2493
CVSS: N/A
Published: 2006-05-19 23:02:00
Last revised: 2008-09-10 16:18:09

[Original] ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-1861. Reason: This candidate is a duplicate of CVE-2006-1861. Notes: All CVE users should reference CVE-2006-1861 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.


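[CNNVD] CNNVD data is not yet available.


[Machine translation] ** REJECT ** Do not use this candidate number.

- CVSS (base score)

CVSS is not yet available

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2493
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2493
(Official data source) NVD

- Other links and resources

- Vulnerability information (F48762)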

OpenPKG Security Advisory 2006.17 (PacketStormID:F48762)
2006-08-03 00:00:00
OpenPKG Foundation  openpkg.org
advisory
CVE-2006-3467,CVE-2006-2661,CVE-2006-2493,CVE-2006-0747

OpenPKG Security Advisory OpenPKG-SA-2006.017 - Multiple security issues exist in the FreeType font rendering library before version 2.2.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security/                  http://www.openpkg.org
openpkg-security@openpkg.org                         openpkg@openpkg.org
OpenPKG-SA-2006.017                                          28-Jul-2006
________________________________________________________________________

Package:             freetype
Vulnerability:       denial of service, arbitrary code execution
OpenPKG Specific:    no

Affected Releases:   Affected Packages:       Corrected Packages:
OpenPKG CURRENT      N.A.                     N.A.
OpenPKG 2-STABLE     N.A.                     N.A.
OpenPKG 2.5-RELEASE  <= freetype-2.1.10-2.5.0 >= freetype-2.1.10-2.5.1

Description:
  Multiple security issues exist in the FreeType [1] font rendering
  library before version 2.2:

  An integer overflow allows remote attackers to cause a Denial of
  Service (DoS) and possibly execute arbitrary code via unknown vectors,
  as demonstrated by the Red Hat "bad1.pcf" test file, due to a partial
  fix of CVE-2006-1861. The Common Vulnerabilities and Exposures (CVE)
  project assigned the id CVE-2006-3467 [2] to the problem.

  Remote attackers can cause a Denial of Service (DoS) via a specially
  crafted font file that triggers a NULL dereference. The Common
  Vulnerabilities and Exposures (CVE) project assigned the id
  CVE-2006-2661 [3] to the problem.

  Multiple integer overflows allow remote attackers to cause a
  Denial of Service (DoS) and possibly execute arbitrary code. The
  Common Vulnerabilities and Exposures (CVE) project assigned the
  id CVE-2006-1861 [4] to the problem. Parts of this issue the
  Common Vulnerabilities and Exposures (CVE) project assigned the id
  CVE-2006-2493, which is now rejected.

  Integer underflow allows remote attackers to cause a Denial of Service
  (DoS) via a specially crafted font file with an odd number of "blue"
  values, which causes the underflow when decrementing by 2 in a context
  that assumes an even number of values. The Common Vulnerabilities
  and Exposures (CVE) project assigned the id CVE-2006-0747 [5] to the
  problem.

  An additional flaw causes some programs to go into an infinite loop
  and this way cause a Denial of Service (DoS) when dealing with fonts
  that don't have a properly sorted kerning sub-table.
________________________________________________________________________

References:
  [1] http://www.freetype.org/
  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467
  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2661
  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861
  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0747
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from http://pgp.openpkg.org and
hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org
for details on how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@openpkg.org>

iD8DBQFEyfw3gHWT4GPEy58RAiB1AKDKGX5q6ovQuoQXjnV9KY3jvCLJNgCgxCdg
difG4d5DnORPqstdPAUejm8=
=hbbe
-----END PGP SIGNATURE-----
    
 

 
