History: Apr 06, 2007 - 1:19 a.m.

CVE-2007-1351

2007-04-06 01:19:00
CWE-189
redhat
web.nvd.nist.gov
61
cve-2007-1351
integer overflow
bdfreadcharacters
x.org libxfont
freetype
code execution
bdf fonts
heap overflow

CVSS2: 8.5

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score: 7.7
Confidence: High

EPSS: 0.05
Percentile: 92.9%

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

Affected configurations

Nvd

Node
ubuntu ubuntu_linux Match 5.10 amd64
OR
ubuntu ubuntu_linux Match 5.10 i386
OR
ubuntu ubuntu_linux Match 5.10 powerpc
OR
ubuntu ubuntu_linux Match 5.10 sparc
OR
ubuntu ubuntu_linux Match 6.06_lts amd64
OR
ubuntu ubuntu_linux Match 6.06_lts i386
OR
ubuntu ubuntu_linux Match 6.06_lts powerpc
OR
ubuntu ubuntu_linux Match 6.06_lts sparc
OR
ubuntu ubuntu_linux Match 6.10 amd64
OR
ubuntu ubuntu_linux Match 6.10 i386
OR
ubuntu ubuntu_linux Match 6.10 powerpc
OR
ubuntu ubuntu_linux Match 6.10 sparc

Node
x.org libxfont Match 1.2.2
OR
xfree86_project x11r6 Match 4.3.0
OR
xfree86_project x11r6 Match 4.3.0.1
OR
xfree86_project x11r6 Match 4.3.0.2

Node
rpath rpath_linux Match 1

Node
redhat enterprise_linux Match 2.1 advanced_server
OR
redhat enterprise_linux Match 2.1 advanced_server_ia64
OR
redhat enterprise_linux Match 2.1 enterprise_server
OR
redhat enterprise_linux Match 2.1 enterprise_server_ia64
OR
redhat enterprise_linux Match 2.1 workstation
OR
redhat enterprise_linux Match 2.1 workstation_ia64
OR
redhat enterprise_linux Match 3.0 advanced_servers
OR
redhat enterprise_linux Match 3.0 enterprise_server
OR
redhat enterprise_linux Match 3.0 workstation
OR
redhat enterprise_linux Match 4.0 advanced_server
OR
redhat enterprise_linux Match 4.0 enterprise_server
OR
redhat enterprise_linux Match 4.0 workstation
OR
redhat enterprise_linux Match 5.0 desktop
OR
redhat enterprise_linux Match 5.0 desktop_workstation
OR
redhat enterprise_linux Match 5.0 server
OR
redhat enterprise_linux_desktop Match 3.0
OR
redhat enterprise_linux_desktop Match 4.0
OR
redhat linux_advanced_workstation Match 2.1 ia64
OR
redhat linux_advanced_workstation Match 2.1 itanium

Node
openbsd openbsd Match 3.9
OR
openbsd openbsd Match 4.0

Node
mandrakesoft mandrake_linux Match 2007
OR
mandrakesoft mandrake_linux Match 2007 x86_64
OR
mandrakesoft mandrake_linux_corporate_server Match 3.0
OR
mandrakesoft mandrake_linux_corporate_server Match 3.0 x86_64
OR
mandrakesoft mandrake_linux_corporate_server Match 4.0
OR
mandrakesoft mandrake_linux_corporate_server Match 4.0 x86_64
AND
mandrakesoft mandrake_multi_network_firewall Match 2.0

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ubuntu | ubuntu_linux | 5.10 | `cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*` |
| ubuntu | ubuntu_linux | 5.10 | `cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*` |
| ubuntu | ubuntu_linux | 5.10 | `cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*` |
| ubuntu | ubuntu_linux | 5.10 | `cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:sparc:*:*:*:*:*` |
| ubuntu | ubuntu_linux | 6.06_lts | `cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:amd64:*:*:*:*:*` |
| ubuntu | ubuntu_linux | 6.06_lts | `cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:i386:*:*:*:*:*` |
| ubuntu | ubuntu_linux | 6.06_lts | `cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:powerpc:*:*:*:*:*` |
| ubuntu | ubuntu_linux | 6.06_lts | `cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:sparc:*:*:*:*:*` |
| ubuntu | ubuntu_linux | 6.10 | `cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:amd64:*:*:*:*:*` |
| ubuntu | ubuntu_linux | 6.10 | `cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*` |