CVE-2007-1351

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

CVSS v2.0 8.5

8.5^/10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501	Patch
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
http://www.redhat.com/support/errata/RHSA-2007-0126.html
http://www.ubuntu.com/usn/usn-448-1
http://www.securityfocus.com/bid/23283	Patch
http://www.securitytracker.com/id?1017857
http://secunia.com/advisories/24741	Vendor Advisory
http://secunia.com/advisories/24756
http://secunia.com/advisories/24770	Vendor Advisory
http://issues.foresightlinux.org/browse/FL-223
http://sourceforge.net/project/shownotes.php?release_id=498954
https://issues.rpath.com/browse/RPL-1213
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954
http://rhn.redhat.com/errata/RHSA-2007-0125.html
http://www.redhat.com/support/errata/RHSA-2007-0132.html
http://secunia.com/advisories/24745
http://secunia.com/advisories/24758
http://secunia.com/advisories/24765
http://secunia.com/advisories/24768
http://secunia.com/advisories/24771
http://secunia.com/advisories/24772
http://secunia.com/advisories/24776
http://secunia.com/advisories/24791
http://www.redhat.com/support/errata/RHSA-2007-0150.html
http://www.securityfocus.com/bid/23402
http://secunia.com/advisories/24885
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733
http://www.novell.com/linux/security/advisories/2007_6_sr.html
http://www.novell.com/linux/security/advisories/2007_27_x.html
http://secunia.com/advisories/24889
http://secunia.com/advisories/25004
http://secunia.com/advisories/24921
http://secunia.com/advisories/24996
http://www.openbsd.org/errata39.html#021_xorg
http://www.openbsd.org/errata40.html#011_xorg
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
http://www.securityfocus.com/bid/23300
http://secunia.com/advisories/25006
http://security.gentoo.org/glsa/glsa-200705-02.xml
http://security.gentoo.org/glsa/glsa-200705-10.xml
http://secunia.com/advisories/25096
http://secunia.com/advisories/25195
http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm
http://secunia.com/advisories/25216
http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
http://www.debian.org/security/2007/dsa-1294
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
http://www.mandriva.com/security/advisories?name=MDKSA-2007:080
http://www.mandriva.com/security/advisories?name=MDKSA-2007:081
http://secunia.com/advisories/25305
http://secunia.com/advisories/25495
http://www.debian.org/security/2008/dsa-1454
http://secunia.com/advisories/28333
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://secunia.com/advisories/30161
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://secunia.com/advisories/33937
http://support.apple.com/kb/HT3438
http://www.vupen.com/english/advisories/2007/1548
http://www.vupen.com/english/advisories/2007/1217
http://www.vupen.com/english/advisories/2007/1264
http://www.trustix.org/errata/2007/0013/
https://exchange.xforce.ibmcloud.com/vulnerabilities/33417
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266
http://www.securityfocus.com/archive/1/464816/100/0/threaded
http://www.securityfocus.com/archive/1/464686/100/0/threaded

Configurations

Configuration 1

cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:amd64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:sparc:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:amd64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:powerpc:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:sparc:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:sparc:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:i386:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:powerpc:*:*:*:*:*

cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*

cpe:2.3:a:x.org:libxfont:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:*:*:*:*:*:*:*

cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop_workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*

History

24 Jan 2023, 16:19

Type	Values Removed	Values Added
CPE		cpe:2.3:a:predictapp_project:predictapp::::::::
References	~~(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 -~~	(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 - Patch, Third Party Advisory
References	~~(MISC) https://github.com/abhilash1985/PredictApp/pull/73 -~~	(MISC) https://github.com/abhilash1985/PredictApp/pull/73 - Patch, Third Party Advisory
References	~~(MISC) https://vuldb.com/?id.218387 -~~	(MISC) https://vuldb.com/?id.218387 - Third Party Advisory
References	~~(MISC) https://vuldb.com/?ctiid.218387 -~~	(MISC) https://vuldb.com/?ctiid.218387 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Predictapp Project predictapp Predictapp Project

16 Jan 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2007-04-06 01:19

Updated : 2018-10-16 04:38

NVD link : CVE-2007-1351

Mitre link : CVE-2007-1351

Products Affected

No products.

CWE

CWE-189