CVE-2007-1351
Last modified
CVE-2007-1351 is a vulnerability of currently unknown severity. Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. EPSS estimates a 5.59% chance of exploitation in the next 30 days.
Description
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux | 5.10 |
| Ubuntu | Ubuntu Linux | 6.06_lts |
| Ubuntu | Ubuntu Linux | 6.10 |
| X.Org | Libxfont | 1.2.2 |
| Xfree86 Project | X11r6 | 4.3.0 |
| Xfree86 Project | X11r6 | 4.3.0.1 |
| Xfree86 Project | X11r6 | 4.3.0.2 |
| Rpath | Rpath Linux | 1 |
| Redhat | Enterprise Linux | 2.1 |
| Redhat | Enterprise Linux | 3.0 |
| Redhat | Enterprise Linux | 4.0 |
| Redhat | Enterprise Linux | 5.0 |
| Redhat | Enterprise Linux Desktop | 3.0 |
| Redhat | Enterprise Linux Desktop | 4.0 |
| Redhat | Linux Advanced Workstation | 2.1 |
| Openbsd | Openbsd | 3.9 |
| Openbsd | Openbsd | 4.0 |
| Mandrakesoft | Mandrake Multi Network Firewall | 2.0 |
References
- http://secunia.com/advisories/24741 (Vendor Advisory)
- http://secunia.com/advisories/24770 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
