CVE-2007-1351
Published: 2007-04-06
Priority: P339, high, 8.5 (CVSS 2.0)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
EPSS: 5.59% (91.9th percentile)
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dia | — | — |
| debian | freetype | < freetype 2.3.5-1 (bookworm) | freetype 2.3.5-1 (bookworm) |
| debian | libxfont | < freetype 2.3.5-1 (bookworm) | freetype 2.3.5-1 (bookworm) |
| dia | dia | <= 0.96.1 | — |
| freetype | freetype | >= 0 < 2.3.5-1 | 2.3.5-1 |
| freetype | freetype | >= 0 < 2.3.5-1 | 2.3.5-1 |
| freetype | freetype | >= 0 < 2.3.5-1 | 2.3.5-1 |
| freetype | freetype | >= 0 < 2.3.5-1 | 2.3.5-1 |
| mandrakesoft | mandrake_multi_network_firewall | — | — |
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | linux_advanced_workstation | — | — |
| rpath | rpath_linux | — | — |
| ubuntu | ubuntu_linux | — | — |
| ubuntu | ubuntu_linux | — | — |
| ubuntu | ubuntu_linux | — | — |
| x.org | libxfont | — | — |
| x.org | libxfont | >= 0 < 1:1.2.2-2 | 1:1.2.2-2 |
| x.org | libxfont | >= 0 < 1:1.2.2-2 | 1:1.2.2-2 |
CVSS provenance
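| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v2.0) | 8.5 | HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C |
| osv | 8.5 | HIGH | — |
| vendor_ubuntu | 9.0 | CRITICAL | — |
| vendor_debian | 8.5 | MEDIUM | — |
| vendor_redhat | 8.5 | HIGH | — |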
Red Hat
Multiple font integer overflows (CVE-2007-1352)
vendor_redhat·2007-04-03·CVSS 8.5
CVE-2007-1351 [HIGH] Multiple font integer overflows (CVE-2007-1352)
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
Ubuntu
X.org vulnerabilities
vendor_ubuntu·2007-04-03·CVSS 9.0
CVE-2007-1351 [CRITICAL] X.org vulnerabilities
Title: X.org vulnerabilities
Summary: X.org vulnerabilities
Sean Larsson of iDefense Labs discovered that the MISC-XC extension of
Xorg did not correctly verify the size of allocated memory. An
authenticated user could send a specially crafted X11 request and
execute arbitrary code with root privileges. (CVE-2007-1003)
Greg MacManus of iDefense Labs discovered that the BDF font handling
code in Xorg and FreeType did not correctly verify the size of allocated
memory. If a user were tricked into using a specially crafted font, a
remote attacker could execute arbitrary code with root privileges.
(CVE-2007-1351, CVE-2007-1352)
Instructions: After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Debian
CVE-2007-3408: dia - Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified att...
vendor_debian·2007·CVSS 8.5
CVE-2007-3408 [HIGH] CVE-2007-3408: dia - Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified att...
Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or CVE-2007-1351.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Debian
CVE-2007-1351: freetype - Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org lib...
vendor_debian·2007·CVSS 8.5
CVE-2007-1351 [HIGH] CVE-2007-1351: freetype - Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org lib...
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
Scope: local
bookworm: resolved (fixed in 2.3.5-1)
bullseye: resolved (fixed in 2.3.5-1)
forky: resolved (fixed in 2.3.5-1)
sid: resolved (fixed in 2.3.5-1)
trixie: resolved (fixed in 2.3.5-1)
GHSA
GHSA-cmmx-w757-8p75: Integer overflow in the bdfReadCharacters function in bdfread
ghsa_unreviewed·2022-05-01
CVE-2007-1351 [HIGH] GHSA-cmmx-w757-8p75: Integer overflow in the bdfReadCharacters function in bdfread
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
GHSA
GHSA-mx46-hr66-3h8h: Multiple unspecified vulnerabilities in Dia before 0
ghsa_unreviewed·2022-05-01·CVSS 8.5
CVE-2007-3408 [HIGH] GHSA-mx46-hr66-3h8h: Multiple unspecified vulnerabilities in Dia before 0
Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or CVE-2007-1351.
OSV
CVE-2007-1351: Integer overflow in the bdfReadCharacters function in bdfread
osv·2007-04-06·CVSS 8.5
CVE-2007-1351 [HIGH] CVE-2007-1351: Integer overflow in the bdfReadCharacters function in bdfread
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)
bugzilla·2007-04-04·CVSS 8.5
CVE-2007-1351 [HIGH] CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)
+++ This bug was initially created as a clone of Bug #234058 +++
+++ This bug was initially created as a clone of Bug #234055 +++
iDEFENSE has reported two font related integer overflows.
CVE-2007-1351 describes an integer overflow in the way X parses a BDF font file.
CVE-2007-1352 describes an integer overflow in the way X parses a fonts.dir file.
Both of these flaws could allow a local attacker to gain elevated privileges.
-- Additional comment from [email protected] on 2007-03-26 16:29 EST --
attachment 150950 is the proposed upstream patch
This flaw also affects FC5
Discussion:
Ping on this flaw, we need to fix this.
---
Sandmann: please do push an updated package for FC6
---
Was fixed by
* Fri Apr 06 2007
Bugzilla
CVE-2007-1351 BDF font integer overflow
bugzilla·2007-03-27·CVSS 8.5
CVE-2007-1351 [HIGH] CVE-2007-1351 BDF font integer overflow
+++ This bug was initially created as a clone of Bug #234058 +++
iDEFENSE has reported a font related integer overflow.
CVE-2007-1351 describes an integer overflow in the way freetype parses a BDF
font file.
This flaw could allow an attacker to execute arbitrary code as the user running
an application linked against freetype.
This flaw probably also affects RHEL 2.1, 3, and 4.
Discussion:
Created attachment 151115
Upstream patch
---
Ping on this flaw. Can we get some new packages rolled. I'd like to get an
errata to QA asap.
---
This is RHSA-2007:0150
---
Lifting embargo
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more
Bugzilla
CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)
bugzilla·2007-03-26·CVSS 8.5
CVE-2007-1351 [HIGH] CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)
+++ This bug was initially created as a clone of Bug #234055 +++
iDEFENSE has reported two font related integer overflows.
CVE-2007-1351 describes an integer overflow in the way X parses a BDF font file.
CVE-2007-1352 describes an integer overflow in the way X parses a fonts.dir file.
Both of these flaws could allow a local attacker to gain elevated privileges.
Discussion:
attachment 150950 is the proposed upstream patch
---
Created attachment 151078
Another broken font
---
Lifting embargo
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated f
Bugzilla
CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)
bugzilla·2007-03-26·CVSS 8.5
CVE-2007-1351 [HIGH] CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)
iDEFENSE has reported two font related integer overflows.
CVE-2007-1351 describes an integer overflow in the way X parses a BDF font file.
CVE-2007-1352 describes an integer overflow in the way X parses a fonts.dir file.
Both of these flaws could allow a local attacker to gain elevated privileges.
Discussion:
Created attachment 150950
Proposed upstream patch
---
Lifting embargo
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn
Bugzilla
CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)
bugzilla·2007-03-26·CVSS 8.5
CVE-2007-1351 [HIGH] CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)
+++ This bug was initially created as a clone of Bug #234055 +++
iDEFENSE has reported two font related integer overflows.
CVE-2007-1351 describes an integer overflow in the way X parses a BDF font file.
CVE-2007-1352 describes an integer overflow in the way X parses a fonts.dir file.
Both of these flaws could allow a local attacker to gain elevated privileges.
Discussion:
attachment 150950 is the proposed upstream patch
---
Lifting embargo
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen t
Published: 2007-04-06