CVE-2007-1351

CWE-18912 documents8 sources

Severity

8.5HIGH

EPSS

7.8%

top 8.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mandrakesoft Mandrake Multi Network Firewall Openbsd Openbsd Redhat Enterprise Linux +6 more

Timeline

PublishedApr 6

Latest updateMay 1

Description

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages9 packages

▶Debianfreetype< 2.3.5-1+3

▶Debianlibxfont< 1:1.2.2-2+3

▶NVDx.org/libxfont1.2.2

▶NVDopenbsd/openbsd3.9, 4.0+1

▶NVDrpath/rpath_linux1

Also affects: Ubuntu Linux 5.10, 6.06_lts, 6.10, Enterprise Linux 2.1, 3.0, 4.0, 5.0

Patches

Patch: labs.idefense.com ↗Patch: www.securityfocus.com ↗Patch: labs.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-cmmx-w757-8p75: Integer overflow in the bdfReadCharacters function in bdfread↗2022-05-01

▶

CVEList

CVE-2007-1351: Integer overflow in the bdfReadCharacters function in bdfread↗2007-04-06

▶

OSV

CVE-2007-1351: Integer overflow in the bdfReadCharacters function in bdfread↗2007-04-06

▶

📋Vendor Advisories

Red Hat

Multiple font integer overflows (CVE-2007-1352)↗2007-04-03

▶

Ubuntu

X.org vulnerabilities↗2007-04-03

▶

Debian

CVE-2007-1351: freetype - Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org lib...↗2007

▶

💬Community

Bugzilla

CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)↗2007-04-04

▶

Bugzilla

CVE-2007-1351 BDF font integer overflow↗2007-03-27

▶

Bugzilla

CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)↗2007-03-26

▶

Bugzilla

CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)↗2007-03-26

▶

Bugzilla

CVE-2007-1351 Multiple font integer overflows (CVE-2007-1352)↗2007-03-26

▶