CVE-2006-3740
EPSS 0.07%
Description
Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections.
How to fix CVE-2006-3740
To remediate CVE-2006-3740, upgrade the affected package to a fixed version listed below.
- Debian/libxfont—upgrade to 1:1.2.2-1 or later
Is CVE-2006-3740 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/libxfont: versions from 0, < 1:1.2.2-1