Vulnerability Description
Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.
CVSS Score
7.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| X.Org | X.Org | 6.8.2 |
| XFree86 Project | XFree86 X | All versions |
References
- http://secunia.com/advisories/21864
- http://secunia.com/advisories/21889
- http://secunia.com/advisories/21890
- http://secunia.com/advisories/21894
- http://secunia.com/advisories/21900
- http://secunia.com/advisories/21904
- http://secunia.com/advisories/21908
- http://secunia.com/advisories/21924
- http://secunia.com/advisories/22080
- http://secunia.com/advisories/22141
- http://secunia.com/advisories/22332
- http://secunia.com/advisories/22560
- http://secunia.com/advisories/23033
- http://secunia.com/advisories/23899
- http://secunia.com/advisories/24636
FAQ
What is CVE-2006-3739?
CVE-2006-3739 is a vulnerability with a CVSS score of 7.2 (HIGH). Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character ...
How severe is CVE-2006-3739?
CVE-2006-3739 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3739?
Check the references section above for vendor advisories and patch information. Affected products include: X.Org X.Org, XFree86 Project XFree86 X.