CVE-2007-1351

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

CVSS v2.0 8.5 HIGH

8.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability : 6.8 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://issues.foresightlinux.org/browse/FL-223
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501	Patch
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
http://rhn.redhat.com/errata/RHSA-2007-0125.html
http://secunia.com/advisories/24741	Vendor Advisory
http://secunia.com/advisories/24745
http://secunia.com/advisories/24756
http://secunia.com/advisories/24758
http://secunia.com/advisories/24765
http://secunia.com/advisories/24768
http://secunia.com/advisories/24770	Vendor Advisory
http://secunia.com/advisories/24771
http://secunia.com/advisories/24772
http://secunia.com/advisories/24776
http://secunia.com/advisories/24791
http://secunia.com/advisories/24885
http://secunia.com/advisories/24889
http://secunia.com/advisories/24921
http://secunia.com/advisories/24996
http://secunia.com/advisories/25004
http://secunia.com/advisories/25006
http://secunia.com/advisories/25096
http://secunia.com/advisories/25195
http://secunia.com/advisories/25216
http://secunia.com/advisories/25305
http://secunia.com/advisories/25495
http://secunia.com/advisories/28333
http://secunia.com/advisories/30161
http://secunia.com/advisories/33937
http://security.gentoo.org/glsa/glsa-200705-02.xml
http://security.gentoo.org/glsa/glsa-200705-10.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954
http://sourceforge.net/project/shownotes.php?release_id=498954
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm
http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm
http://www.debian.org/security/2007/dsa-1294
http://www.debian.org/security/2008/dsa-1454
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
http://www.mandriva.com/security/advisories?name=MDKSA-2007:080
http://www.mandriva.com/security/advisories?name=MDKSA-2007:081
http://www.novell.com/linux/security/advisories/2007_27_x.html
http://www.novell.com/linux/security/advisories/2007_6_sr.html
http://www.openbsd.org/errata39.html#021_xorg
http://www.openbsd.org/errata40.html#011_xorg
http://www.redhat.com/support/errata/RHSA-2007-0126.html
http://www.redhat.com/support/errata/RHSA-2007-0132.html
http://www.redhat.com/support/errata/RHSA-2007-0150.html
http://www.securityfocus.com/archive/1/464686/100/0/threaded
http://www.securityfocus.com/archive/1/464816/100/0/threaded
http://www.securityfocus.com/bid/23283	Patch
http://www.securityfocus.com/bid/23300
http://www.securityfocus.com/bid/23402
http://www.securitytracker.com/id?1017857
http://www.trustix.org/errata/2007/0013/
http://www.ubuntu.com/usn/usn-448-1
http://www.vupen.com/english/advisories/2007/1217
http://www.vupen.com/english/advisories/2007/1264
http://www.vupen.com/english/advisories/2007/1548
https://exchange.xforce.ibmcloud.com/vulnerabilities/33417
https://issues.rpath.com/browse/RPL-1213
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810
http://issues.foresightlinux.org/browse/FL-223
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501	Patch
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
http://rhn.redhat.com/errata/RHSA-2007-0125.html
http://secunia.com/advisories/24741	Vendor Advisory
http://secunia.com/advisories/24745
http://secunia.com/advisories/24756
http://secunia.com/advisories/24758
http://secunia.com/advisories/24765
http://secunia.com/advisories/24768
http://secunia.com/advisories/24770	Vendor Advisory
http://secunia.com/advisories/24771
http://secunia.com/advisories/24772
http://secunia.com/advisories/24776
http://secunia.com/advisories/24791
http://secunia.com/advisories/24885
http://secunia.com/advisories/24889
http://secunia.com/advisories/24921
http://secunia.com/advisories/24996
http://secunia.com/advisories/25004
http://secunia.com/advisories/25006
http://secunia.com/advisories/25096
http://secunia.com/advisories/25195
http://secunia.com/advisories/25216
http://secunia.com/advisories/25305
http://secunia.com/advisories/25495
http://secunia.com/advisories/28333
http://secunia.com/advisories/30161
http://secunia.com/advisories/33937
http://security.gentoo.org/glsa/glsa-200705-02.xml
http://security.gentoo.org/glsa/glsa-200705-10.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954
http://sourceforge.net/project/shownotes.php?release_id=498954
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm
http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm
http://www.debian.org/security/2007/dsa-1294
http://www.debian.org/security/2008/dsa-1454
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
http://www.mandriva.com/security/advisories?name=MDKSA-2007:080
http://www.mandriva.com/security/advisories?name=MDKSA-2007:081
http://www.novell.com/linux/security/advisories/2007_27_x.html
http://www.novell.com/linux/security/advisories/2007_6_sr.html
http://www.openbsd.org/errata39.html#021_xorg
http://www.openbsd.org/errata40.html#011_xorg
http://www.redhat.com/support/errata/RHSA-2007-0126.html
http://www.redhat.com/support/errata/RHSA-2007-0132.html
http://www.redhat.com/support/errata/RHSA-2007-0150.html
http://www.securityfocus.com/archive/1/464686/100/0/threaded
http://www.securityfocus.com/archive/1/464816/100/0/threaded
http://www.securityfocus.com/bid/23283	Patch
http://www.securityfocus.com/bid/23300
http://www.securityfocus.com/bid/23402
http://www.securitytracker.com/id?1017857
http://www.trustix.org/errata/2007/0013/
http://www.ubuntu.com/usn/usn-448-1
http://www.vupen.com/english/advisories/2007/1217
http://www.vupen.com/english/advisories/2007/1264
http://www.vupen.com/english/advisories/2007/1548
https://exchange.xforce.ibmcloud.com/vulnerabilities/33417
https://issues.rpath.com/browse/RPL-1213
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:ubuntu:ubuntu_linux:5.10::amd64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:5.10::i386:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:5.10::powerpc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:5.10::sparc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::amd64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::i386:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::powerpc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::sparc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.10::amd64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.10::i386:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.10::powerpc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.10::sparc:::::

Configuration 2 (hide)

OR	cpe:2.3:a:x.org:libxfont:1.2.2:::::::*
	cpe:2.3:a:xfree86_project:x11r6:4.3.0:::::::*
	cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:::::::*
	cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:::::::*

Configuration 3 (hide)

cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_servers:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::workstation:::::
	cpe:2.3:o:redhat:enterprise_linux:4.0::advanced_server:::::
	cpe:2.3:o:redhat:enterprise_linux:4.0::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:4.0::workstation:::::
	cpe:2.3:o:redhat:enterprise_linux:5.0::desktop:::::
	cpe:2.3:o:redhat:enterprise_linux:5.0::desktop_workstation:::::
	cpe:2.3:o:redhat:enterprise_linux:5.0::server:::::
	cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:::::::*
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::ia64:::::
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::itanium:::::

Configuration 5 (hide)

OR	cpe:2.3:o:openbsd:openbsd:3.9:::::::*
	cpe:2.3:o:openbsd:openbsd:4.0:::::::*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:mandrakesoft:mandrake_linux:2007:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux:2007::x86_64:::::
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:::::
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:::::

cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

History

21 Nov 2024, 00:28

Information

Published : 2007-04-06 01:19

Updated : 2024-11-21 00:28

NVD link : CVE-2007-1351

Mitre link : CVE-2007-1351

CVE.ORG link : CVE-2007-1351

JSON object : View

Products Affected

ubuntu

ubuntu_linux

redhat

enterprise_linux
enterprise_linux_desktop
linux_advanced_workstation

x.org

libxfont

mandrakesoft

mandrake_linux
mandrake_multi_network_firewall
mandrake_linux_corporate_server

openbsd

openbsd

rpath

rpath_linux

xfree86_project

x11r6

CWE

CWE-189

Numeric Errors

8.5 /10