ID CVE-2007-1351
Summary Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
References
Vulnerable Configurations
  • cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:sparc:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:sparc:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:amd64:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:amd64:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:i386:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:i386:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:powerpc:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:powerpc:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:sparc:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:sparc:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:amd64:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:amd64:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:powerpc:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:powerpc:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:sparc:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:sparc:*:*:*:*:*
  • cpe:2.3:a:x.org:libxfont:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:x.org:libxfont:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*
    cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop_workstation:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop_workstation:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
    cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
    cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*
    cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*
  • cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
CVSS
Base: 8.5 (as of 16-10-2018 - 16:38)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:S/C:C/I:C/A:C
oval via4
  • accepted 2013-04-29T04:12:47.231-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
    family unix
    id oval:org.mitre.oval:def:11266
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
    version 25
  • accepted 2007-09-06T09:13:28.469-04:00
    class vulnerability
    contributors
    name Pai Peng
    organization Opsware, Inc.
    definition_extensions
    • comment Solaris 8 (SPARC) is installed
      oval oval:org.mitre.oval:def:1539
    • comment Solaris 8 (SPARC) is installed
      oval oval:org.mitre.oval:def:1539
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    • comment Solaris 9 (SPARC) is installed
      oval oval:org.mitre.oval:def:1457
    • comment Solaris 9 (SPARC) is installed
      oval oval:org.mitre.oval:def:1457
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 8 (x86) is installed
      oval oval:org.mitre.oval:def:2059
    • comment Solaris 8 (x86) is installed
      oval oval:org.mitre.oval:def:2059
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    description Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
    family unix
    id oval:org.mitre.oval:def:1810
    status accepted
    submitted 2007-07-30T08:16:45.000-04:00
    title Multiple vulnerabilities in libfreetype, Xsun(1) and Xorg(1)
    version 32
redhat via4
advisories
  • bugzilla
    id 234228
    title CVE-2007-1351 BDF font integer overflow
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhba:tst:20070026001
      • OR
        • AND
          • comment freetype is earlier than 0:2.1.4-6.el3
            oval oval:com.redhat.rhsa:tst:20070150002
          • comment freetype is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070150003
        • AND
          • comment freetype-devel is earlier than 0:2.1.4-6.el3
            oval oval:com.redhat.rhsa:tst:20070150004
          • comment freetype-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070150005
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304001
      • OR
        • AND
          • comment freetype is earlier than 0:2.1.9-5.el4
            oval oval:com.redhat.rhsa:tst:20070150007
          • comment freetype is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070150003
        • AND
          • comment freetype-demos is earlier than 0:2.1.9-5.el4
            oval oval:com.redhat.rhsa:tst:20070150011
          • comment freetype-demos is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070150012
        • AND
          • comment freetype-devel is earlier than 0:2.1.9-5.el4
            oval oval:com.redhat.rhsa:tst:20070150008
          • comment freetype-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070150005
        • AND
          • comment freetype-utils is earlier than 0:2.1.9-5.el4
            oval oval:com.redhat.rhsa:tst:20070150009
          • comment freetype-utils is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070150010
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment freetype is earlier than 0:2.2.1-17.el5
            oval oval:com.redhat.rhsa:tst:20070150014
          • comment freetype is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070150015
        • AND
          • comment freetype-demos is earlier than 0:2.2.1-17.el5
            oval oval:com.redhat.rhsa:tst:20070150016
          • comment freetype-demos is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070150017
        • AND
          • comment freetype-devel is earlier than 0:2.2.1-17.el5
            oval oval:com.redhat.rhsa:tst:20070150018
          • comment freetype-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070150019
    rhsa
    id RHSA-2007:0150
    released 2007-04-16
    severity Moderate
    title RHSA-2007:0150: freetype security update (Moderate)
  • rhsa
    id RHSA-2007:0125
  • rhsa
    id RHSA-2007:0126
  • rhsa
    id RHSA-2007:0132
rpms
  • XFree86-0:4.3.0-120.EL
  • XFree86-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-Mesa-libGL-0:4.3.0-120.EL
  • XFree86-Mesa-libGLU-0:4.3.0-120.EL
  • XFree86-Xnest-0:4.3.0-120.EL
  • XFree86-Xvfb-0:4.3.0-120.EL
  • XFree86-base-fonts-0:4.3.0-120.EL
  • XFree86-cyrillic-fonts-0:4.3.0-120.EL
  • XFree86-devel-0:4.3.0-120.EL
  • XFree86-doc-0:4.3.0-120.EL
  • XFree86-font-utils-0:4.3.0-120.EL
  • XFree86-libs-0:4.3.0-120.EL
  • XFree86-libs-data-0:4.3.0-120.EL
  • XFree86-sdk-0:4.3.0-120.EL
  • XFree86-syriac-fonts-0:4.3.0-120.EL
  • XFree86-tools-0:4.3.0-120.EL
  • XFree86-truetype-fonts-0:4.3.0-120.EL
  • XFree86-twm-0:4.3.0-120.EL
  • XFree86-xauth-0:4.3.0-120.EL
  • XFree86-xdm-0:4.3.0-120.EL
  • XFree86-xfs-0:4.3.0-120.EL
  • xorg-x11-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Mesa-libGL-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Xdmx-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Xnest-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Xvfb-0:6.8.2-1.EL.13.37.7
  • xorg-x11-deprecated-libs-0:6.8.2-1.EL.13.37.7
  • xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.13.37.7
  • xorg-x11-devel-0:6.8.2-1.EL.13.37.7
  • xorg-x11-doc-0:6.8.2-1.EL.13.37.7
  • xorg-x11-font-utils-0:6.8.2-1.EL.13.37.7
  • xorg-x11-libs-0:6.8.2-1.EL.13.37.7
  • xorg-x11-sdk-0:6.8.2-1.EL.13.37.7
  • xorg-x11-tools-0:6.8.2-1.EL.13.37.7
  • xorg-x11-twm-0:6.8.2-1.EL.13.37.7
  • xorg-x11-xauth-0:6.8.2-1.EL.13.37.7
  • xorg-x11-xdm-0:6.8.2-1.EL.13.37.7
  • xorg-x11-xfs-0:6.8.2-1.EL.13.37.7
  • libXfont-0:1.2.2-1.0.2.el5
  • libXfont-devel-0:1.2.2-1.0.2.el5
  • freetype-0:2.1.4-6.el3
  • freetype-devel-0:2.1.4-6.el3
  • freetype-0:2.1.9-5.el4
  • freetype-demos-0:2.1.9-5.el4
  • freetype-devel-0:2.1.9-5.el4
  • freetype-utils-0:2.1.9-5.el4
  • freetype-0:2.2.1-17.el5
  • freetype-demos-0:2.2.1-17.el5
  • freetype-devel-0:2.2.1-17.el5
refmap via4
apple
  • APPLE-SA-2007-11-14
  • APPLE-SA-2009-02-12
bid
  • 23283
  • 23300
  • 23402
bugtraq
  • 20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
  • 20070405 FLEA-2007-0009-1: xorg-x11 freetype
confirm
debian
  • DSA-1294
  • DSA-1454
gentoo
  • GLSA-200705-02
  • GLSA-200705-10
  • GLSA-200805-07
idefense 20070403 Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability
mandriva
  • MDKSA-2007:079
  • MDKSA-2007:080
  • MDKSA-2007:081
mlist [xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont
openbsd
  • [3.9] 021: SECURITY FIX: April 4, 2007
  • [4.0] 011: SECURITY FIX: April 4, 2007
sectrack 1017857
secunia
  • 24741
  • 24745
  • 24756
  • 24758
  • 24765
  • 24768
  • 24770
  • 24771
  • 24772
  • 24776
  • 24791
  • 24885
  • 24889
  • 24921
  • 24996
  • 25004
  • 25006
  • 25096
  • 25195
  • 25216
  • 25305
  • 25495
  • 28333
  • 30161
  • 33937
slackware SSA:2007-109-01
sunalert 102886
suse
  • SUSE-SA:2007:027
  • SUSE-SR:2007:006
trustix 2007-0013
ubuntu USN-448-1
vupen
  • ADV-2007-1217
  • ADV-2007-1264
  • ADV-2007-1548
xf xorg-bdf-font-bo(33417)
Last major update 16-10-2018 - 16:38
Published 06-04-2007 - 01:19
Back to Top