Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-1351

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

Published

2007-04-06T01:19:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 8.5 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

6.8

Impact Score

10.0

Weaknesses

Type: Primary
CWE-189

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	ubuntu	ubuntu_linux	5.10	Yes
Operating System	ubuntu	ubuntu_linux	5.10	Yes
Operating System	ubuntu	ubuntu_linux	5.10	Yes
Operating System	ubuntu	ubuntu_linux	5.10	Yes
Operating System	ubuntu	ubuntu_linux	6.06_lts	Yes
Operating System	ubuntu	ubuntu_linux	6.06_lts	Yes
Operating System	ubuntu	ubuntu_linux	6.06_lts	Yes
Operating System	ubuntu	ubuntu_linux	6.06_lts	Yes
Operating System	ubuntu	ubuntu_linux	6.10	Yes
Operating System	ubuntu	ubuntu_linux	6.10	Yes
Operating System	ubuntu	ubuntu_linux	6.10	Yes
Operating System	ubuntu	ubuntu_linux	6.10	Yes
Application	x.org	libxfont	1.2.2	Yes
Application	xfree86_project	x11r6	4.3.0	Yes
Application	xfree86_project	x11r6	4.3.0.1	Yes
Application	xfree86_project	x11r6	4.3.0.2	Yes
Operating System	rpath	rpath_linux	1	Yes
Operating System	redhat	enterprise_linux	2.1	Yes
Operating System	redhat	enterprise_linux	2.1	Yes
Operating System	redhat	enterprise_linux	2.1	Yes
Operating System	redhat	enterprise_linux	2.1	Yes
Operating System	redhat	enterprise_linux	2.1	Yes
Operating System	redhat	enterprise_linux	2.1	Yes
Operating System	redhat	enterprise_linux	3.0	Yes
Operating System	redhat	enterprise_linux	3.0	Yes
Operating System	redhat	enterprise_linux	3.0	Yes
Operating System	redhat	enterprise_linux	4.0	Yes
Operating System	redhat	enterprise_linux	4.0	Yes
Operating System	redhat	enterprise_linux	4.0	Yes
Operating System	redhat	enterprise_linux	5.0	Yes
Operating System	redhat	enterprise_linux	5.0	Yes
Operating System	redhat	enterprise_linux	5.0	Yes
Operating System	redhat	enterprise_linux_desktop	3.0	Yes
Operating System	redhat	enterprise_linux_desktop	4.0	Yes
Operating System	redhat	linux_advanced_workstation	2.1	Yes
Operating System	redhat	linux_advanced_workstation	2.1	Yes
Operating System	openbsd	openbsd	3.9	Yes
Operating System	openbsd	openbsd	4.0	Yes
Operating System	mandrakesoft	mandrake_linux	2007	No
Operating System	mandrakesoft	mandrake_linux	2007	No
Operating System	mandrakesoft	mandrake_linux_corporate_server	3.0	No
Operating System	mandrakesoft	mandrake_linux_corporate_server	3.0	No
Operating System	mandrakesoft	mandrake_linux_corporate_server	4.0	No
Operating System	mandrakesoft	mandrake_linux_corporate_server	4.0	No
Application	mandrakesoft	mandrake_multi_network_firewall	2.0	Yes

References

http://issues.foresightlinux.org/browse/FL-223 ([email protected])
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501 Patch ([email protected])
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html ([email protected])
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html ([email protected])
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2007-0125.html ([email protected])
http://secunia.com/advisories/24741 Vendor Advisory ([email protected])
http://secunia.com/advisories/24745 ([email protected])
http://secunia.com/advisories/24756 ([email protected])
http://secunia.com/advisories/24758 ([email protected])
http://secunia.com/advisories/24765 ([email protected])
http://secunia.com/advisories/24768 ([email protected])
http://secunia.com/advisories/24770 Vendor Advisory ([email protected])
http://secunia.com/advisories/24771 ([email protected])
http://secunia.com/advisories/24772 ([email protected])
http://secunia.com/advisories/24776 ([email protected])
http://secunia.com/advisories/24791 ([email protected])
http://secunia.com/advisories/24885 ([email protected])
http://secunia.com/advisories/24889 ([email protected])
http://secunia.com/advisories/24921 ([email protected])
http://secunia.com/advisories/24996 ([email protected])
http://secunia.com/advisories/25004 ([email protected])
http://secunia.com/advisories/25006 ([email protected])
http://secunia.com/advisories/25096 ([email protected])
http://secunia.com/advisories/25195 ([email protected])
http://secunia.com/advisories/25216 ([email protected])
http://secunia.com/advisories/25305 ([email protected])
http://secunia.com/advisories/25495 ([email protected])
http://secunia.com/advisories/28333 ([email protected])
http://secunia.com/advisories/30161 ([email protected])
http://secunia.com/advisories/33937 ([email protected])
http://security.gentoo.org/glsa/glsa-200705-02.xml ([email protected])
http://security.gentoo.org/glsa/glsa-200705-10.xml ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733 ([email protected])
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954 ([email protected])
http://sourceforge.net/project/shownotes.php?release_id=498954 ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1 ([email protected])
http://support.apple.com/kb/HT3438 ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm ([email protected])
http://www.debian.org/security/2007/dsa-1294 ([email protected])
http://www.debian.org/security/2008/dsa-1454 ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:080 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:081 ([email protected])
http://www.novell.com/linux/security/advisories/2007_27_x.html ([email protected])
http://www.novell.com/linux/security/advisories/2007_6_sr.html ([email protected])
http://www.openbsd.org/errata39.html#021_xorg ([email protected])
http://www.openbsd.org/errata40.html#011_xorg ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0126.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0132.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0150.html ([email protected])
http://www.securityfocus.com/archive/1/464686/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/464816/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/23283 Patch ([email protected])
http://www.securityfocus.com/bid/23300 ([email protected])
http://www.securityfocus.com/bid/23402 ([email protected])
http://www.securitytracker.com/id?1017857 ([email protected])
http://www.trustix.org/errata/2007/0013/ ([email protected])
http://www.ubuntu.com/usn/usn-448-1 ([email protected])
http://www.vupen.com/english/advisories/2007/1217 ([email protected])
http://www.vupen.com/english/advisories/2007/1264 ([email protected])
http://www.vupen.com/english/advisories/2007/1548 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/33417 ([email protected])
https://issues.rpath.com/browse/RPL-1213 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810 ([email protected])
http://issues.foresightlinux.org/browse/FL-223 (af854a3a-2127-422b-91ae-364da2661108)
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2007-0125.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24741 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24745 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24756 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24758 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24765 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24768 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24770 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24771 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24772 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24776 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24791 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24885 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24889 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24921 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24996 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25004 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25006 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25096 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25195 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25216 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25305 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25495 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28333 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30161 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33937 (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200705-02.xml (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200705-10.xml (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733 (af854a3a-2127-422b-91ae-364da2661108)
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954 (af854a3a-2127-422b-91ae-364da2661108)
http://sourceforge.net/project/shownotes.php?release_id=498954 (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1 (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT3438 (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1294 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1454 (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:080 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:081 (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2007_27_x.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2007_6_sr.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.openbsd.org/errata39.html#021_xorg (af854a3a-2127-422b-91ae-364da2661108)
http://www.openbsd.org/errata40.html#011_xorg (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0126.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0132.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0150.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/464686/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/464816/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/23283 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/23300 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/23402 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1017857 (af854a3a-2127-422b-91ae-364da2661108)
http://www.trustix.org/errata/2007/0013/ (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-448-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/1217 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/1264 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/1548 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33417 (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-1213 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810 (af854a3a-2127-422b-91ae-364da2661108)