CVE-2007-1351

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

CVSS v2.0 8.5 HIGH

8.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability : 6.8 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://issues.foresightlinux.org/browse/FL-223
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501	Patch
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
http://rhn.redhat.com/errata/RHSA-2007-0125.html
http://secunia.com/advisories/24741	Vendor Advisory
http://secunia.com/advisories/24745
http://secunia.com/advisories/24756
http://secunia.com/advisories/24758
http://secunia.com/advisories/24765
http://secunia.com/advisories/24768
http://secunia.com/advisories/24770	Vendor Advisory
http://secunia.com/advisories/24771
http://secunia.com/advisories/24772
http://secunia.com/advisories/24776
http://secunia.com/advisories/24791
http://secunia.com/advisories/24885
http://secunia.com/advisories/24889
http://secunia.com/advisories/24921
http://secunia.com/advisories/24996
http://secunia.com/advisories/25004
http://secunia.com/advisories/25006
http://secunia.com/advisories/25096
http://secunia.com/advisories/25195
http://secunia.com/advisories/25216
http://secunia.com/advisories/25305
http://secunia.com/advisories/25495
http://secunia.com/advisories/28333
http://secunia.com/advisories/30161
http://secunia.com/advisories/33937
http://security.gentoo.org/glsa/glsa-200705-02.xml
http://security.gentoo.org/glsa/glsa-200705-10.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954
http://sourceforge.net/project/shownotes.php?release_id=498954
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm
http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm
http://www.debian.org/security/2007/dsa-1294
http://www.debian.org/security/2008/dsa-1454
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
http://www.mandriva.com/security/advisories?name=MDKSA-2007:080
http://www.mandriva.com/security/advisories?name=MDKSA-2007:081
http://www.novell.com/linux/security/advisories/2007_27_x.html
http://www.novell.com/linux/security/advisories/2007_6_sr.html
http://www.openbsd.org/errata39.html#021_xorg
http://www.openbsd.org/errata40.html#011_xorg
http://www.redhat.com/support/errata/RHSA-2007-0126.html
http://www.redhat.com/support/errata/RHSA-2007-0132.html
http://www.redhat.com/support/errata/RHSA-2007-0150.html
http://www.securityfocus.com/archive/1/464686/100/0/threaded
http://www.securityfocus.com/archive/1/464816/100/0/threaded
http://www.securityfocus.com/bid/23283	Patch
http://www.securityfocus.com/bid/23300
http://www.securityfocus.com/bid/23402
http://www.securitytracker.com/id?1017857
http://www.trustix.org/errata/2007/0013/
http://www.ubuntu.com/usn/usn-448-1
http://www.vupen.com/english/advisories/2007/1217
http://www.vupen.com/english/advisories/2007/1264
http://www.vupen.com/english/advisories/2007/1548
https://exchange.xforce.ibmcloud.com/vulnerabilities/33417
https://issues.rpath.com/browse/RPL-1213
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:ubuntu:ubuntu_linux:5.10::amd64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:5.10::i386:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:5.10::powerpc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:5.10::sparc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::amd64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::i386:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::powerpc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::sparc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.10::amd64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.10::i386:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.10::powerpc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.10::sparc:::::

Configuration 2 (hide)

OR	cpe:2.3:a:x.org:libxfont:1.2.2:::::::*
	cpe:2.3:a:xfree86_project:x11r6:4.3.0:::::::*
	cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:::::::*
	cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:::::::*

Configuration 3 (hide)

cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_servers:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::workstation:::::
	cpe:2.3:o:redhat:enterprise_linux:4.0::advanced_server:::::
	cpe:2.3:o:redhat:enterprise_linux:4.0::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:4.0::workstation:::::
	cpe:2.3:o:redhat:enterprise_linux:5.0::desktop:::::
	cpe:2.3:o:redhat:enterprise_linux:5.0::desktop_workstation:::::
	cpe:2.3:o:redhat:enterprise_linux:5.0::server:::::
	cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:::::::*
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::ia64:::::
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::itanium:::::

Configuration 5 (hide)

OR	cpe:2.3:o:openbsd:openbsd:3.9:::::::*
	cpe:2.3:o:openbsd:openbsd:4.0:::::::*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:mandrakesoft:mandrake_linux:2007:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux:2007::x86_64:::::
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:::::
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:::::

cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-04-06 01:19

Updated : 2024-02-04 17:13

NVD link : CVE-2007-1351

Mitre link : CVE-2007-1351

CVE.ORG link : CVE-2007-1351

JSON object : View

Products Affected

rpath

rpath_linux

x.org

libxfont

xfree86_project

x11r6

mandrakesoft

mandrake_linux
mandrake_multi_network_firewall
mandrake_linux_corporate_server

openbsd

openbsd

redhat

enterprise_linux
enterprise_linux_desktop
linux_advanced_workstation

ubuntu

ubuntu_linux

CWE

CWE-189

Numeric Errors

8.5 /10