CVE-2007-1351

HIGH

Description

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

References

http://issues.foresightlinux.org/browse/FL-223

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501

http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html

http://rhn.redhat.com/errata/RHSA-2007-0125.html

http://secunia.com/advisories/24741

http://secunia.com/advisories/24745

http://secunia.com/advisories/24756

http://secunia.com/advisories/24758

http://secunia.com/advisories/24765

http://secunia.com/advisories/24768

http://secunia.com/advisories/24770

http://secunia.com/advisories/24771

http://secunia.com/advisories/24772

http://secunia.com/advisories/24776

http://secunia.com/advisories/24791

http://secunia.com/advisories/24885

http://secunia.com/advisories/24889

http://secunia.com/advisories/24921

http://secunia.com/advisories/24996

http://secunia.com/advisories/25004

http://secunia.com/advisories/25006

http://secunia.com/advisories/25096

http://secunia.com/advisories/25195

http://secunia.com/advisories/25216

http://secunia.com/advisories/25305

http://secunia.com/advisories/25495

http://secunia.com/advisories/28333

http://secunia.com/advisories/30161

http://secunia.com/advisories/33937

http://security.gentoo.org/glsa/glsa-200705-02.xml

http://security.gentoo.org/glsa/glsa-200705-10.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733

http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954

http://sourceforge.net/project/shownotes.php?release_id=498954

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1

http://support.apple.com/kb/HT3438

http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm

http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm

http://www.debian.org/security/2007/dsa-1294

http://www.debian.org/security/2008/dsa-1454

http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2007:079

http://www.mandriva.com/security/advisories?name=MDKSA-2007:080

http://www.mandriva.com/security/advisories?name=MDKSA-2007:081

http://www.novell.com/linux/security/advisories/2007_27_x.html

http://www.novell.com/linux/security/advisories/2007_6_sr.html

http://www.openbsd.org/errata39.html#021_xorg

http://www.openbsd.org/errata40.html#011_xorg

http://www.redhat.com/support/errata/RHSA-2007-0126.html

http://www.redhat.com/support/errata/RHSA-2007-0132.html

http://www.redhat.com/support/errata/RHSA-2007-0150.html

http://www.securityfocus.com/archive/1/464686/100/0/threaded

http://www.securityfocus.com/archive/1/464816/100/0/threaded

http://www.securityfocus.com/bid/23283

http://www.securityfocus.com/bid/23300

http://www.securityfocus.com/bid/23402

http://www.securitytracker.com/id?1017857

http://www.trustix.org/errata/2007/0013/

http://www.ubuntu.com/usn/usn-448-1

http://www.vupen.com/english/advisories/2007/1217

http://www.vupen.com/english/advisories/2007/1264

http://www.vupen.com/english/advisories/2007/1548

https://exchange.xforce.ibmcloud.com/vulnerabilities/33417

https://issues.rpath.com/browse/RPL-1213

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810

Details

Source: MITRE

Published: 2007-04-06

Updated: 2018-10-16

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 8.5

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 6.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:sparc:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:amd64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:i386:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:powerpc:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:sparc:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:amd64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:powerpc:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:sparc:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:x.org:libxfont:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*

cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop_workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*

Configuration 6

AND

OR

cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*

OR

cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
67469Oracle Linux 3 / 4 : freetype (ELSA-2007-0150)NessusOracle Linux Local Security Checks
high
67468Oracle Linux 5 : libXfont (ELSA-2007-0132)NessusOracle Linux Local Security Checks
high
67465Oracle Linux 4 : xorg-x11 (ELSA-2007-0126)NessusOracle Linux Local Security Checks
high
67464Oracle Linux 3 : XFree86 (ELSA-2007-0125)NessusOracle Linux Local Security Checks
high
35684Mac OS X Multiple Vulnerabilities (Security Update 2009-001)NessusMacOS X Local Security Checks
critical
29873Debian DSA-1454-1 : freetype - integer overflowNessusDebian Local Security Checks
high
29607SuSE 10 Security Update : Xorg X11 (ZYPP Patch Number 3083)NessusSuSE Local Security Checks
high
29437SuSE 10 Security Update : freetype2 (ZYPP Patch Number 3067)NessusSuSE Local Security Checks
high
28045Ubuntu 5.10 / 6.06 LTS / 6.10 : freetype, libxfont, xorg, xorg-server vulnerabilities (USN-448-1)NessusUbuntu Local Security Checks
high
27496openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-3082)NessusSuSE Local Security Checks
high
27226openSUSE 10 Security Update : freetype2 (freetype2-3066)NessusSuSE Local Security Checks
high
25324RHEL 5 : libXfont (RHSA-2007:0132)NessusRed Hat Local Security Checks
high
25259Debian DSA-1294-1 : xfree86 - several vulnerabilitiesNessusDebian Local Security Checks
high
25187GLSA-200705-10 : LibXfont, TightVNC: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
25132GLSA-200705-02 : FreeType: User-assisted execution of arbitrary codeNessusGentoo Local Security Checks
high
25092Slackware 10.1 / 10.2 / 11.0 / current : freetype (SSA:2007-109-01)NessusSlackware Local Security Checks
high
25066RHEL 3 / 4 / 5 : freetype (RHSA-2007:0150)NessusRed Hat Local Security Checks
high
25042CentOS 3 / 4 / 5 : freetype (CESA-2007:0150)NessusCentOS Local Security Checks
high
25006CentOS 4 : xorg (CESA-2007:0126)NessusCentOS Local Security Checks
high
24950RHEL 4 : xorg-x11 (RHSA-2007:0126)NessusRed Hat Local Security Checks
high
24949RHEL 2.1 / 3 : XFree86 (RHSA-2007:0125)NessusRed Hat Local Security Checks
high
24947Mandrake Linux Security Advisory : freetype2 (MDKSA-2007:081-1)NessusMandriva Local Security Checks
high
24946Mandrake Linux Security Advisory : tightvnc (MDKSA-2007:080-1)NessusMandriva Local Security Checks
high
24945Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2007:079-1)NessusMandriva Local Security Checks
high
24920CentOS 3 : XFree86 (CESA-2007:0125)NessusCentOS Local Security Checks
high