CVE-2007-1351

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
References
Link Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501 Patch
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
http://www.redhat.com/support/errata/RHSA-2007-0126.html
http://www.ubuntu.com/usn/usn-448-1
http://www.securityfocus.com/bid/23283 Patch
http://www.securitytracker.com/id?1017857
http://secunia.com/advisories/24741 Vendor Advisory
http://secunia.com/advisories/24756
http://secunia.com/advisories/24770 Vendor Advisory
http://issues.foresightlinux.org/browse/FL-223
http://sourceforge.net/project/shownotes.php?release_id=498954
https://issues.rpath.com/browse/RPL-1213
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954
http://rhn.redhat.com/errata/RHSA-2007-0125.html
http://www.redhat.com/support/errata/RHSA-2007-0132.html
http://secunia.com/advisories/24745
http://secunia.com/advisories/24758
http://secunia.com/advisories/24765
http://secunia.com/advisories/24768
http://secunia.com/advisories/24771
http://secunia.com/advisories/24772
http://secunia.com/advisories/24776
http://secunia.com/advisories/24791
http://www.redhat.com/support/errata/RHSA-2007-0150.html
http://www.securityfocus.com/bid/23402
http://secunia.com/advisories/24885
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733
http://www.novell.com/linux/security/advisories/2007_6_sr.html
http://www.novell.com/linux/security/advisories/2007_27_x.html
http://secunia.com/advisories/24889
http://secunia.com/advisories/25004
http://secunia.com/advisories/24921
http://secunia.com/advisories/24996
http://www.openbsd.org/errata39.html#021_xorg
http://www.openbsd.org/errata40.html#011_xorg
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
http://www.securityfocus.com/bid/23300
http://secunia.com/advisories/25006
http://security.gentoo.org/glsa/glsa-200705-02.xml
http://security.gentoo.org/glsa/glsa-200705-10.xml
http://secunia.com/advisories/25096
http://secunia.com/advisories/25195
http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm
http://secunia.com/advisories/25216
http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
http://www.debian.org/security/2007/dsa-1294
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
http://www.mandriva.com/security/advisories?name=MDKSA-2007:080
http://www.mandriva.com/security/advisories?name=MDKSA-2007:081
http://secunia.com/advisories/25305
http://secunia.com/advisories/25495
http://www.debian.org/security/2008/dsa-1454
http://secunia.com/advisories/28333
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://secunia.com/advisories/30161
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://secunia.com/advisories/33937
http://support.apple.com/kb/HT3438
http://www.vupen.com/english/advisories/2007/1548
http://www.vupen.com/english/advisories/2007/1217
http://www.vupen.com/english/advisories/2007/1264
http://www.trustix.org/errata/2007/0013/
https://exchange.xforce.ibmcloud.com/vulnerabilities/33417
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266
http://www.securityfocus.com/archive/1/464816/100/0/threaded
http://www.securityfocus.com/archive/1/464686/100/0/threaded
Configurations

Configuration 1

cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:amd64:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:sparc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:amd64:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:powerpc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:sparc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:sparc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:i386:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:powerpc:*:*:*:*:*
cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:x.org:libxfont:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:*:*:*:*:*:*:*
cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop_workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*

Information

Published : 2007-04-06 01:19

Updated : 2018-10-16 04:38


NVD link : CVE-2007-1351

Mitre link : CVE-2007-1351

Products Affected
No products.
CWE