CVE-2007-1351

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
References
Link Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501 Patch
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
http://www.redhat.com/support/errata/RHSA-2007-0126.html
http://www.ubuntu.com/usn/usn-448-1
http://www.securityfocus.com/bid/23283 Patch
http://www.securitytracker.com/id?1017857
http://secunia.com/advisories/24741 Vendor Advisory
http://secunia.com/advisories/24756
http://secunia.com/advisories/24770 Vendor Advisory
http://issues.foresightlinux.org/browse/FL-223
http://sourceforge.net/project/shownotes.php?release_id=498954
https://issues.rpath.com/browse/RPL-1213
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954
http://rhn.redhat.com/errata/RHSA-2007-0125.html
http://www.redhat.com/support/errata/RHSA-2007-0132.html
http://secunia.com/advisories/24745
http://secunia.com/advisories/24758
http://secunia.com/advisories/24765
http://secunia.com/advisories/24768
http://secunia.com/advisories/24771
http://secunia.com/advisories/24772
http://secunia.com/advisories/24776
http://secunia.com/advisories/24791
http://www.redhat.com/support/errata/RHSA-2007-0150.html
http://www.securityfocus.com/bid/23402
http://secunia.com/advisories/24885
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733
http://www.novell.com/linux/security/advisories/2007_6_sr.html
http://www.novell.com/linux/security/advisories/2007_27_x.html
http://secunia.com/advisories/24889
http://secunia.com/advisories/25004
http://secunia.com/advisories/24921
http://secunia.com/advisories/24996
http://www.openbsd.org/errata39.html#021_xorg
http://www.openbsd.org/errata40.html#011_xorg
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
http://www.securityfocus.com/bid/23300
http://secunia.com/advisories/25006
http://security.gentoo.org/glsa/glsa-200705-02.xml
http://security.gentoo.org/glsa/glsa-200705-10.xml
http://secunia.com/advisories/25096
http://secunia.com/advisories/25195
http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm
http://secunia.com/advisories/25216
http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
http://www.debian.org/security/2007/dsa-1294
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
http://www.mandriva.com/security/advisories?name=MDKSA-2007:080
http://www.mandriva.com/security/advisories?name=MDKSA-2007:081
http://secunia.com/advisories/25305
http://secunia.com/advisories/25495
http://www.debian.org/security/2008/dsa-1454
http://secunia.com/advisories/28333
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://secunia.com/advisories/30161
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://secunia.com/advisories/33937
http://support.apple.com/kb/HT3438
http://www.vupen.com/english/advisories/2007/1548
http://www.vupen.com/english/advisories/2007/1217
http://www.vupen.com/english/advisories/2007/1264
http://www.trustix.org/errata/2007/0013/
https://exchange.xforce.ibmcloud.com/vulnerabilities/33417
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266
http://www.securityfocus.com/archive/1/464816/100/0/threaded
http://www.securityfocus.com/archive/1/464686/100/0/threaded
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:amd64:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:i386:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:sparc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:powerpc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:sparc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:powerpc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:sparc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:amd64:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:x.org:libxfont:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop_workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

Information

Published : 2007-04-05 18:19

Updated : 2018-10-16 09:38


NVD link : CVE-2007-1351

Mitre link : CVE-2007-1351


JSON object : View

CWE
CWE-189

Numeric Errors

Advertisement

dedicated server usa

Products Affected

redhat

  • enterprise_linux_desktop
  • enterprise_linux
  • linux_advanced_workstation

rpath

  • rpath_linux

mandrakesoft

  • mandrake_linux
  • mandrake_multi_network_firewall
  • mandrake_linux_corporate_server

ubuntu

  • ubuntu_linux

xfree86_project

  • x11r6

x.org

  • libxfont

openbsd

  • openbsd