8.5
CVE-2007-1351
- EPSS 7.49%
- Published 06.04.2007 01:19:00
- Last modified 09.04.2025 00:30:58
- Source secalert@redhat.com
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
Data is provided by the National Vulnerability Database (NVD)
Ubuntu ≫ Ubuntu Linux Version 5.10 Edition amd64
Ubuntu ≫ Ubuntu Linux Version 5.10 Edition i386
Ubuntu ≫ Ubuntu Linux Version 5.10 Edition powerpc
Ubuntu ≫ Ubuntu Linux Version 5.10 Edition sparc
Ubuntu ≫ Ubuntu Linux Version 6.06_lts Edition amd64
Ubuntu ≫ Ubuntu Linux Version 6.06_lts Edition i386
Ubuntu ≫ Ubuntu Linux Version 6.06_lts Edition powerpc
Ubuntu ≫ Ubuntu Linux Version 6.06_lts Edition sparc
Ubuntu ≫ Ubuntu Linux Version 6.10 Edition amd64
Ubuntu ≫ Ubuntu Linux Version 6.10 Edition i386
Ubuntu ≫ Ubuntu Linux Version 6.10 Edition powerpc
Ubuntu ≫ Ubuntu Linux Version 6.10 Edition sparc
Xfree86 Project ≫ X11r6 Version 4.3.0
Xfree86 Project ≫ X11r6 Version 4.3.0.1
Xfree86 Project ≫ X11r6 Version 4.3.0.2
Rpath ≫ Rpath Linux Version 1
Redhat ≫ Enterprise Linux Version 2.1 Edition advanced_server
Redhat ≫ Enterprise Linux Version 2.1 Edition advanced_server_ia64
Redhat ≫ Enterprise Linux Version 2.1 Edition enterprise_server
Redhat ≫ Enterprise Linux Version 2.1 Edition enterprise_server_ia64
Redhat ≫ Enterprise Linux Version 2.1 Edition workstation
Redhat ≫ Enterprise Linux Version 2.1 Edition workstation_ia64
Redhat ≫ Enterprise Linux Version 3.0 Edition advanced_servers
Redhat ≫ Enterprise Linux Version 3.0 Edition enterprise_server
Redhat ≫ Enterprise Linux Version 3.0 Edition workstation
Redhat ≫ Enterprise Linux Version 4.0 Edition advanced_server
Redhat ≫ Enterprise Linux Version 4.0 Edition enterprise_server
Redhat ≫ Enterprise Linux Version 4.0 Edition workstation
Redhat ≫ Enterprise Linux Version 5.0 Edition desktop
Redhat ≫ Enterprise Linux Version 5.0 Edition desktop_workstation
Redhat ≫ Enterprise Linux Version 5.0 Edition server
Redhat ≫ Enterprise Linux Desktop Version 3.0
Redhat ≫ Enterprise Linux Desktop Version 4.0
Redhat ≫ Linux Advanced Workstation Version 2.1 Edition ia64
Redhat ≫ Linux Advanced Workstation Version 2.1 Edition itanium
Mandrakesoft ≫ Mandrake Multi Network Firewall Version 2.0
Mandrakesoft ≫ Mandrake Linux Version 2007
Mandrakesoft ≫ Mandrake Linux Version 2007 Edition x86_64
Mandrakesoft ≫ Mandrake Linux Corporate Server Version 3.0
Mandrakesoft ≫ Mandrake Linux Corporate Server Version 3.0 Edition x86_64
Mandrakesoft ≫ Mandrake Linux Corporate Server Version 4.0
Mandrakesoft ≫ Mandrake Linux Corporate Server Version 4.0 Edition x86_64
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 7.49% | 0.909 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 8.5 | 6.8 | 10 | AV:N/AC:M/Au:S/C:C/I:C/A:C |