8.5

CVE-2007-1351

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
UbuntuUbuntu Linux Version5.10 Editionamd64
UbuntuUbuntu Linux Version5.10 Editioni386
UbuntuUbuntu Linux Version5.10 Editionpowerpc
UbuntuUbuntu Linux Version5.10 Editionsparc
UbuntuUbuntu Linux Version6.06_lts Editionamd64
UbuntuUbuntu Linux Version6.06_lts Editioni386
UbuntuUbuntu Linux Version6.06_lts Editionpowerpc
UbuntuUbuntu Linux Version6.06_lts Editionsparc
UbuntuUbuntu Linux Version6.10 Editionamd64
UbuntuUbuntu Linux Version6.10 Editioni386
UbuntuUbuntu Linux Version6.10 Editionpowerpc
UbuntuUbuntu Linux Version6.10 Editionsparc
X.OrgLibxfont Version1.2.2
Xfree86 ProjectX11r6 Version4.3.0
Xfree86 ProjectX11r6 Version4.3.0.1
Xfree86 ProjectX11r6 Version4.3.0.2
RpathRpath Linux Version1
RedhatEnterprise Linux Version2.1 Editionadvanced_server
RedhatEnterprise Linux Version2.1 Editionadvanced_server_ia64
RedhatEnterprise Linux Version2.1 Editionenterprise_server
RedhatEnterprise Linux Version2.1 Editionenterprise_server_ia64
RedhatEnterprise Linux Version2.1 Editionworkstation
RedhatEnterprise Linux Version2.1 Editionworkstation_ia64
RedhatEnterprise Linux Version3.0 Editionadvanced_servers
RedhatEnterprise Linux Version3.0 Editionenterprise_server
RedhatEnterprise Linux Version3.0 Editionworkstation
RedhatEnterprise Linux Version4.0 Editionadvanced_server
RedhatEnterprise Linux Version4.0 Editionenterprise_server
RedhatEnterprise Linux Version4.0 Editionworkstation
RedhatEnterprise Linux Version5.0 Editiondesktop
RedhatEnterprise Linux Version5.0 Editiondesktop_workstation
RedhatEnterprise Linux Version5.0 Editionserver
RedhatLinux Advanced Workstation Version2.1 Editionia64
RedhatLinux Advanced Workstation Version2.1 Editionitanium
OpenbsdOpenbsd Version3.9
OpenbsdOpenbsd Version4.0
MandrakesoftMandrake Multi Network Firewall Version2.0
   MandrakesoftMandrake Linux Version2007
   MandrakesoftMandrake Linux Version2007 Editionx86_64
   MandrakesoftMandrake Linux Corporate Server Version3.0
   MandrakesoftMandrake Linux Corporate Server Version3.0 Editionx86_64
   MandrakesoftMandrake Linux Corporate Server Version4.0
   MandrakesoftMandrake Linux Corporate Server Version4.0 Editionx86_64
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.59% 0.919
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.5 6.8 10
AV:N/AC:M/Au:S/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://secunia.com/advisories/33937
http://support.apple.com/kb/HT3438
http://secunia.com/advisories/30161
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://secunia.com/advisories/24889
http://www.novell.com/linux/security/advisories/2007_6_sr.html
http://issues.foresightlinux.org/browse/FL-223
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
http://rhn.redhat.com/errata/RHSA-2007-0125.html
http://secunia.com/advisories/24741
Vendor Advisory
http://secunia.com/advisories/24745
http://secunia.com/advisories/24756
http://secunia.com/advisories/24758
http://secunia.com/advisories/24765
http://secunia.com/advisories/24771
http://secunia.com/advisories/24791
http://secunia.com/advisories/25004
http://secunia.com/advisories/25305
http://www.debian.org/security/2007/dsa-1294
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
http://www.novell.com/linux/security/advisories/2007_27_x.html
http://www.openbsd.org/errata39.html#021_xorg
http://www.openbsd.org/errata40.html#011_xorg
http://www.redhat.com/support/errata/RHSA-2007-0126.html
http://www.securityfocus.com/archive/1/464686/100/0/threaded
http://www.securityfocus.com/archive/1/464816/100/0/threaded
http://www.securityfocus.com/bid/23300
http://www.vupen.com/english/advisories/2007/1217
https://issues.rpath.com/browse/RPL-1213
http://secunia.com/advisories/24770
Vendor Advisory
http://secunia.com/advisories/24772
http://secunia.com/advisories/25006
http://secunia.com/advisories/25195
http://secunia.com/advisories/25216
http://security.gentoo.org/glsa/glsa-200705-10.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2007:080
http://www.securitytracker.com/id?1017857
http://www.ubuntu.com/usn/usn-448-1
http://www.vupen.com/english/advisories/2007/1548
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501
Patch
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
http://secunia.com/advisories/24768
http://secunia.com/advisories/24776
http://secunia.com/advisories/24885
http://secunia.com/advisories/24921
http://secunia.com/advisories/24996
http://secunia.com/advisories/25096
http://secunia.com/advisories/25495
http://secunia.com/advisories/28333
http://security.gentoo.org/glsa/glsa-200705-02.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954
http://sourceforge.net/project/shownotes.php?release_id=498954
http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm
http://www.debian.org/security/2008/dsa-1454
http://www.mandriva.com/security/advisories?name=MDKSA-2007:081
http://www.redhat.com/support/errata/RHSA-2007-0132.html
http://www.redhat.com/support/errata/RHSA-2007-0150.html
http://www.securityfocus.com/bid/23283
Patch
http://www.securityfocus.com/bid/23402
http://www.trustix.org/errata/2007/0013/
http://www.vupen.com/english/advisories/2007/1264
https://exchange.xforce.ibmcloud.com/vulnerabilities/33417
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810