Vulnerability Details : CVE-2007-1351
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
Vulnerability category: OverflowExecute code
Products affected by CVE-2007-1351
- cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*When used together with: Mandrakesoft » Mandrake Linux Corporate Server » Version: 3.0 X86 64 EditionWhen used together with: Mandrakesoft » Mandrake Linux Corporate Server » Version: 4.0 X86 64 Edition
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop_workstation:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
- cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
- cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:sparc:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:amd64:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:i386:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:powerpc:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:sparc:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:powerpc:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:sparc:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:amd64:*:*:*:*:*
- cpe:2.3:a:x.org:libxfont:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-1351
5.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-1351
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.5
|
HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C |
6.8
|
10.0
|
NIST |
CWE ids for CVE-2007-1351
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-1351
-
http://www.debian.org/security/2008/dsa-1454
[SECURITY] [DSA 1454-1] New freetype packages fix arbitrary code execution
-
http://www.openbsd.org/errata40.html#011_xorg
OpenBSD 4.0 Errata
-
http://www.novell.com/linux/security/advisories/2007_6_sr.html
404 Page Not Found | SUSE
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733
The Slackware Linux Project: Slackware Security Advisories
-
http://issues.foresightlinux.org/browse/FL-223
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/33417
X.Org X11 BDF font buffer overflow CVE-2007-3408 Vulnerability Report
-
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501
Patch
-
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
Linux Terminal Server Project: Multiple vulnerabilities (GLSA 200805-07) — Gentoo security
-
http://www.securityfocus.com/bid/23283
Patch
-
http://www.securityfocus.com/archive/1/464686/100/0/threaded
-
http://www.novell.com/linux/security/advisories/2007_27_x.html
404 Page Not Found | SUSE
-
http://www.vupen.com/english/advisories/2007/1217
Site en construction
-
http://www.redhat.com/support/errata/RHSA-2007-0126.html
Support
-
http://www.openbsd.org/errata39.html#021_xorg
OpenBSD 3.9 Errata
-
http://sourceforge.net/project/shownotes.php?release_id=498954
Page not found - SourceForge.net
-
http://www.vupen.com/english/advisories/2007/1264
Site en construction
-
http://www.trustix.org/errata/2007/0013/
Trustix | Empowering Trust and Security in the Digital Age
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
Security | Mandriva
-
http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm
ASA-2007-178 (SUN 102886)
-
http://www.redhat.com/support/errata/RHSA-2007-0132.html
Support
-
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
Apple - Lists.apple.com
-
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954
The FreeType Project download | SourceForge.net
-
http://www.securityfocus.com/bid/23402
-
http://www.securityfocus.com/bid/23300
-
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
[ANNOUNCE] various integer overflow vulnerabilites in xserver, libX11 and libXfont
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810
404 Not Found
-
http://www.securitytracker.com/id?1017857
Access Denied
-
http://www.vupen.com/english/advisories/2007/1548
Site en construction
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266
404 Not Found
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:081
Mandriva
-
http://support.apple.com/kb/HT3438
About the security content of Security Update 2009-001 - Apple Support
-
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
-
http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm
ASA-2007-193 (RHSA-2007-0150)
-
http://www.redhat.com/support/errata/RHSA-2007-0150.html
Support
-
http://security.gentoo.org/glsa/glsa-200705-10.xml
LibXfont, TightVNC: Multiple vulnerabilities (GLSA 200705-10) — Gentoo security
-
http://security.gentoo.org/glsa/glsa-200705-02.xml
FreeType: User-assisted execution of arbitrary code (GLSA 200705-02) — Gentoo security
-
https://issues.rpath.com/browse/RPL-1213
-
http://www.debian.org/security/2007/dsa-1294
[SECURITY] [DSA 1294-1] New xfree86 packages fix several vulnerabilities
-
http://rhn.redhat.com/errata/RHSA-2007-0125.html
RHSA-2007:0125 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/usn-448-1
USN-448-1: X.org vulnerabilities | Ubuntu security notices | Ubuntu
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:080
Mandriva
-
http://www.securityfocus.com/archive/1/464816/100/0/threaded
Jump to