Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. Summary: CVE-2006-3467 CVE-2006-3467 freetype: integer overflow vulnerability due to incomplete fix for CVE-2006-1861 Alias: CVE-2006-3467 https://bugzilla.redhat.com/show_bug.cgi?id=487070 Summary: CVE-2006-3467 CVE-2006-3467 freetype: integer overflow vulnerability due to incomplete fix for CVE-2006-1861 Product: Security Response Version: unspecified Platform: All URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-20 06-3467 OS/Version: Linux Status: NEW Status Whiteboard: impact=moderate,source=rehdat,reported=20060710,public =20060718 Keywords: Security Severity: medium Priority: medium Component: vulnerability AssignedTo: security-response-team(a)redhat.com ReportedBy: vdanen(a)redhat.com CC: ajax(a)redhat.com, fedora-fonts-bugs-list(a)redhat.com Classification: Other Target Release: --- Common Vulnerabilities and Exposures assigned an identifier CVE-2006-3467 to the following vulnerability: Name: CVE-2006-3467 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467 Assigned: 20060710 Reference: URL: http://www.securityfocus.com/archive/1/archive/1/451426/100/200/threaded Reference: MISC: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593 Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.