Home > Vulnerability Database > CVE-2007-1351

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2007-1351

Date: April 5, 2007

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

Severity Score

7.5

Related Resources (70)

Url: http://www.securityfocus.com/bid/23402

Url: http://www.redhat.com/support/errata/RHSA-2007-0132.html

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1

Url: http://www.securityfocus.com/archive/1/464686/100/0/threaded

Url: http://www.vupen.com/english/advisories/2007/1264

Url: http://secunia.com/advisories/24921

Url: http://secunia.com/advisories/24889

Url: http://www.novell.com/linux/security/advisories/2007_6_sr.html

Url: http://secunia.com/advisories/24768

Url: http://www.vupen.com/english/advisories/2007/1217

Url: http://secunia.com/advisories/24765

Url: http://secunia.com/advisories/25216

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:079

Url: http://issues.foresightlinux.org/browse/FL-223

Url: http://www.securityfocus.com/bid/23283

Url: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501

Url: http://www.redhat.com/support/errata/RHSA-2007-0150.html

Url: http://secunia.com/advisories/25495

Url: http://rhn.redhat.com/errata/RHSA-2007-0125.html

Url: http://secunia.com/advisories/24885

Url: http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm

Url: http://secunia.com/advisories/25195

Url: http://secunia.com/advisories/30161

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266

Url: https://issues.rpath.com/browse/RPL-1213

Url: http://www.openbsd.org/errata39.html#021_xorg

Url: http://www.debian.org/security/2007/dsa-1294

Url: http://secunia.com/advisories/24776

Url: http://sourceforge.net/project/shownotes.php?release_id=498954

Url: http://secunia.com/advisories/25305

Url: http://www.debian.org/security/2008/dsa-1454

Url: http://security.gentoo.org/glsa/glsa-200705-10.xml

Url: http://secunia.com/advisories/24770

Url: http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm

Url: http://secunia.com/advisories/24771

Url: http://secunia.com/advisories/28333

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:080

Url: http://secunia.com/advisories/24772

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:081

Url: http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954

Url: http://www.securityfocus.com/bid/23300

Url: http://www.trustix.org/errata/2007/0013/

Url: http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

Url: http://www.securitytracker.com/id?1017857

Url: http://www.securityfocus.com/archive/1/464816/100/0/threaded

Url: http://secunia.com/advisories/24745

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/33417

Url: http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-1351

Url: http://support.apple.com/kb/HT3438

Url: http://www.ubuntu.com/usn/usn-448-1

Url: http://secunia.com/advisories/24741

Url: http://www.redhat.com/support/errata/RHSA-2007-0126.html

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810

Url: http://secunia.com/advisories/25096

Url: http://www.novell.com/linux/security/advisories/2007_27_x.html

Url: http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html

Url: http://secunia.com/advisories/24756

Url: http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html

Url: http://secunia.com/advisories/24996

Url: http://secunia.com/advisories/24758

Url: http://www.vupen.com/english/advisories/2007/1548

Url: http://secunia.com/advisories/33937

Url: http://www.openbsd.org/errata40.html#011_xorg

Url: http://secunia.com/advisories/24791

Url: http://security.gentoo.org/glsa/glsa-200705-02.xml

Url: http://secunia.com/advisories/25006

Url: http://secunia.com/advisories/25004

Url: https://www.mend.io/vulnerability-database/CVE-2007-1351

Severity Score

7.5

Weakness Type (CWE)

Numeric Errors

CWE-189

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	8.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Do you need more information?

Contact Us