CVE-2006-3740

N/A Unknown
Published: September 13, 2006 Modified: April 16, 2026
View on NVD

Description

Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://secunia.com/advisories/21864
Source: secalert@redhat.com
http://secunia.com/advisories/21889
Source: secalert@redhat.com
http://secunia.com/advisories/21890
Source: secalert@redhat.com
http://secunia.com/advisories/21894
Source: secalert@redhat.com
http://secunia.com/advisories/21900
Source: secalert@redhat.com
http://secunia.com/advisories/21904
Source: secalert@redhat.com
http://secunia.com/advisories/21908
Source: secalert@redhat.com
http://secunia.com/advisories/21924
Source: secalert@redhat.com
http://secunia.com/advisories/22080
Source: secalert@redhat.com
http://secunia.com/advisories/22141
Source: secalert@redhat.com
http://secunia.com/advisories/22332
Source: secalert@redhat.com
http://secunia.com/advisories/22560
Source: secalert@redhat.com
http://secunia.com/advisories/23033
Source: secalert@redhat.com
http://secunia.com/advisories/23899
Source: secalert@redhat.com
http://secunia.com/advisories/23907
Source: secalert@redhat.com
http://secunia.com/advisories/24636
Source: secalert@redhat.com
http://security.gentoo.org/glsa/glsa-200609-07.xml
Source: secalert@redhat.com
http://securitytracker.com/id?1016828
Source: secalert@redhat.com
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1
Source: secalert@redhat.com
http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm
Source: secalert@redhat.com
http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm
Source: secalert@redhat.com
http://www.debian.org/security/2006/dsa-1193
Source: secalert@redhat.com
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411
Source: secalert@redhat.com
Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:164
Source: secalert@redhat.com
http://www.novell.com/linux/security/advisories/2006_23_sr.html
Source: secalert@redhat.com
http://www.redhat.com/support/errata/RHSA-2006-0665.html
Source: secalert@redhat.com
Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0666.html
Source: secalert@redhat.com
Patch Vendor Advisory
http://www.securityfocus.com/archive/1/445812/100/0/threaded
Source: secalert@redhat.com
http://www.securityfocus.com/archive/1/464268/100/0/threaded
Source: secalert@redhat.com
http://www.securityfocus.com/bid/19974
Source: secalert@redhat.com
http://www.ubuntu.com/usn/usn-344-1
Source: secalert@redhat.com
http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2006/3581
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2006/3582
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2007/0322
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2007/1171
Source: secalert@redhat.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/28890
Source: secalert@redhat.com
https://issues.rpath.com/browse/RPL-614
Source: secalert@redhat.com
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9454
Source: secalert@redhat.com
http://secunia.com/advisories/21864
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/21889
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/21890
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/21894
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/21900
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/21904
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/21908
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/21924
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/22080
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/22141
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/22332
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/22560
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/23033
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/23899
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/23907
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/24636
Source: af854a3a-2127-422b-91ae-364da2661108
http://security.gentoo.org/glsa/glsa-200609-07.xml
Source: af854a3a-2127-422b-91ae-364da2661108
http://securitytracker.com/id?1016828
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm
Source: af854a3a-2127-422b-91ae-364da2661108
http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2006/dsa-1193
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:164
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.novell.com/linux/security/advisories/2006_23_sr.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2006-0665.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0666.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.securityfocus.com/archive/1/445812/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/464268/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/19974
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-344-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2006/3581
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2006/3582
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/0322
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/1171
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/28890
Source: af854a3a-2127-422b-91ae-364da2661108
https://issues.rpath.com/browse/RPL-614
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9454
Source: af854a3a-2127-422b-91ae-364da2661108

78 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.1%
22th percentile
Exploitation Status
Not in CISA KEV

Affected Vendors

xfree86_project x.org