CVE-2007-1351: Integer Overflow
First published: Fri Apr 06 2007(Updated: )
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu | =6.10 | |
| Ubuntu | =5.10 | |
| Ubuntu | =6.06_lts | |
| Ubuntu | =5.10 | |
| Ubuntu | =6.10 | |
| Ubuntu | =5.10 | |
| Ubuntu | =5.10 | |
| Ubuntu | =6.06_lts | |
| Ubuntu | =6.10 | |
| Ubuntu | =6.06_lts | |
| Ubuntu | =6.06_lts | |
| Ubuntu | =6.10 | |
| XFree86 X Server | =4.3.0.2 | |
| XFree86 X Server | =4.3.0 | |
| X.Org LibXfont | =1.2.2 | |
| XFree86 X Server | =4.3.0.1 | |
| Rpath Linux | =1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =4.0 | |
| Red Hat Enterprise Linux | =5.0 | |
| redhat enterprise Linux desktop | =3.0 | |
| Red Hat Linux Advanced Workstation | =2.1 | |
| Red Hat Enterprise Linux | =4.0 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux | =5.0 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Linux Advanced Workstation | =2.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =4.0 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux | =2.1 | |
| redhat enterprise Linux desktop | =4.0 | |
| Red Hat Enterprise Linux | =5.0 | |
| Red Hat Enterprise Linux | =2.1 | |
| OpenBSD | =3.9 | |
| OpenBSD | =4.0 | |
| Mandrake Linux | =2007 | |
| Mandrake Linux | =2007 | |
| Mandriva Linux Corporate Server | =3.0 | |
| Mandriva Linux Corporate Server | =3.0 | |
| Mandriva Linux Corporate Server | =4.0 | |
| Mandriva Linux Corporate Server | =4.0 | |
| Mandrakesoft Mandrake Multi Network Firewall | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501
- http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
- http://www.redhat.com/support/errata/RHSA-2007-0126.html
- http://www.ubuntu.com/usn/usn-448-1
- http://www.securityfocus.com/bid/23283
- http://www.securitytracker.com/id?1017857
- http://secunia.com/advisories/24741
- http://secunia.com/advisories/24756
- http://secunia.com/advisories/24770
- http://issues.foresightlinux.org/browse/FL-223
- http://sourceforge.net/project/shownotes.php?release_id=498954
- https://issues.rpath.com/browse/RPL-1213
- http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954
- http://rhn.redhat.com/errata/RHSA-2007-0125.html
- http://www.redhat.com/support/errata/RHSA-2007-0132.html
- http://secunia.com/advisories/24745
- http://secunia.com/advisories/24758
- http://secunia.com/advisories/24765
- http://secunia.com/advisories/24768
- http://secunia.com/advisories/24771
- http://secunia.com/advisories/24772
- http://secunia.com/advisories/24776
- http://secunia.com/advisories/24791
- http://www.redhat.com/support/errata/RHSA-2007-0150.html
- http://www.securityfocus.com/bid/23402
- http://secunia.com/advisories/24885
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733
- http://www.novell.com/linux/security/advisories/2007_6_sr.html
- http://www.novell.com/linux/security/advisories/2007_27_x.html
- http://secunia.com/advisories/24889
- http://secunia.com/advisories/25004
- http://secunia.com/advisories/24921
- http://secunia.com/advisories/24996
- http://www.openbsd.org/errata39.html#021_xorg
- http://www.openbsd.org/errata40.html#011_xorg
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
- http://www.securityfocus.com/bid/23300
- http://secunia.com/advisories/25006
- http://security.gentoo.org/glsa/glsa-200705-02.xml
- http://security.gentoo.org/glsa/glsa-200705-10.xml
- http://secunia.com/advisories/25096
- http://secunia.com/advisories/25195
- http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm
- http://secunia.com/advisories/25216
- http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm
- http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
- http://www.debian.org/security/2007/dsa-1294
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:080
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:081
- http://secunia.com/advisories/25305
- http://secunia.com/advisories/25495
- http://www.debian.org/security/2008/dsa-1454
- http://secunia.com/advisories/28333
- http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
- http://secunia.com/advisories/30161
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
- http://secunia.com/advisories/33937
- http://support.apple.com/kb/HT3438
- http://www.vupen.com/english/advisories/2007/1548
- http://www.vupen.com/english/advisories/2007/1217
- http://www.vupen.com/english/advisories/2007/1264
- http://www.trustix.org/errata/2007/0013/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33417
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266
- http://www.securityfocus.com/archive/1/464816/100/0/threaded
- http://www.securityfocus.com/archive/1/464686/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-1351?
CVE-2007-1351 is considered a critical vulnerability due to its potential to allow remote authenticated users to execute arbitrary code.
How do I fix CVE-2007-1351?
To fix CVE-2007-1351, update libXfont and freetype to a version later than 1.2.2 and 2.3.2 respectively.
Who is affected by CVE-2007-1351?
CVE-2007-1351 affects various versions of Ubuntu Linux, Red Hat Enterprise Linux, OpenBSD, and X.Org libXfont among others.
What types of vulnerabilities does CVE-2007-1351 represent?
CVE-2007-1351 represents an integer overflow vulnerability leading to a heap overflow.
Can CVE-2007-1351 be exploited remotely?
Yes, CVE-2007-1351 can be exploited remotely by authenticated users through the use of crafted BDF fonts.
- agent/references
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/6.10
- version/ubuntu/5.10
- version/ubuntu/6.06_lts
- vendor/xfree86 project
- canonical/xfree86 x server
- version/xfree86 x server/4.3.0.2
- version/xfree86 x server/4.3.0
- vendor/x.org
- canonical/x.org libxfont
- version/x.org libxfont/1.2.2
- version/xfree86 x server/4.3.0.1
- vendor/rpath
- canonical/rpath linux
- version/rpath linux/1
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/2.1
- version/red hat enterprise linux/4.0
- version/red hat enterprise linux/5.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/3.0
- canonical/red hat linux advanced workstation
- version/red hat linux advanced workstation/2.1
- version/red hat enterprise linux/3.0
- version/redhat enterprise linux desktop/4.0
- vendor/openbsd
- canonical/openbsd
- version/openbsd/3.9
- version/openbsd/4.0
- vendor/mandrakesoft
- canonical/mandrake linux
- version/mandrake linux/2007
- canonical/mandriva linux corporate server
- version/mandriva linux corporate server/3.0
- version/mandriva linux corporate server/4.0
- canonical/mandrakesoft mandrake multi network firewall
- version/mandrakesoft mandrake multi network firewall/2.0