An integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) FreeType 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
issues.foresightlinux.org/browse/FL-223
labs.idefense.com/intelligence/vulnerabilities/display.php?id=501
lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
rhn.redhat.com/errata/RHSA-2007-0125.html
secunia.com/advisories/24741
secunia.com/advisories/24745
secunia.com/advisories/24756
secunia.com/advisories/24758
secunia.com/advisories/24765
secunia.com/advisories/24768
secunia.com/advisories/24770
secunia.com/advisories/24771
secunia.com/advisories/24772
secunia.com/advisories/24776
secunia.com/advisories/24791
secunia.com/advisories/24885
secunia.com/advisories/24889
secunia.com/advisories/24921
secunia.com/advisories/24996
secunia.com/advisories/25004
secunia.com/advisories/25006
secunia.com/advisories/25096
secunia.com/advisories/25195
secunia.com/advisories/25216
secunia.com/advisories/25305
secunia.com/advisories/25495
secunia.com/advisories/28333
secunia.com/advisories/30161
secunia.com/advisories/33937
security.gentoo.org/glsa/glsa-200705-02.xml
security.gentoo.org/glsa/glsa-200705-10.xml
slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733
sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954
sourceforge.net/project/shownotes.php?release_id=498954
sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
support.apple.com/kb/HT3438
support.avaya.com/elmodocs2/security/ASA-2007-178.htm
support.avaya.com/elmodocs2/security/ASA-2007-193.htm
www.debian.org/security/2007/dsa-1294
www.debian.org/security/2008/dsa-1454
www.gentoo.org/security/en/glsa/glsa-200805-07.xml
www.mandriva.com/security/advisories?name=MDKSA-2007:079
www.mandriva.com/security/advisories?name=MDKSA-2007:080
www.mandriva.com/security/advisories?name=MDKSA-2007:081
www.novell.com/linux/security/advisories/2007_27_x.html
www.novell.com/linux/security/advisories/2007_6_sr.html
www.openbsd.org/errata39.html#021_xorg
www.openbsd.org/errata40.html#011_xorg
www.redhat.com/support/errata/RHSA-2007-0126.html
www.redhat.com/support/errata/RHSA-2007-0132.html
www.redhat.com/support/errata/RHSA-2007-0150.html
www.securityfocus.com/archive/1/464686/100/0/threaded
www.securityfocus.com/archive/1/464816/100/0/threaded
www.securityfocus.com/bid/23283
www.securityfocus.com/bid/23300
www.securityfocus.com/bid/23402
www.securitytracker.com/id?1017857
www.trustix.org/errata/2007/0013/
www.ubuntu.com/usn/usn-448-1
www.vupen.com/english/advisories/2007/1217
www.vupen.com/english/advisories/2007/1264
www.vupen.com/english/advisories/2007/1548
exchange.xforce.ibmcloud.com/vulnerabilities/33417
issues.rpath.com/browse/RPL-1213
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810