CVE-2007-1351: Integer Overflow
First published: Fri Apr 06 2007(Updated: )
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu Ubuntu Linux | =6.10 | |
| Ubuntu Ubuntu Linux | =5.10 | |
| Ubuntu Ubuntu Linux | =6.06_lts | |
| Ubuntu Ubuntu Linux | =5.10 | |
| Ubuntu Ubuntu Linux | =6.10 | |
| Ubuntu Ubuntu Linux | =5.10 | |
| Ubuntu Ubuntu Linux | =5.10 | |
| Ubuntu Ubuntu Linux | =6.06_lts | |
| Ubuntu Ubuntu Linux | =6.10 | |
| Ubuntu Ubuntu Linux | =6.06_lts | |
| Ubuntu Ubuntu Linux | =6.06_lts | |
| Ubuntu Ubuntu Linux | =6.10 | |
| Xfree86 Project X11r6 | =4.3.0.2 | |
| Xfree86 Project X11r6 | =4.3.0 | |
| X.Org libXfont | =1.2.2 | |
| Xfree86 Project X11r6 | =4.3.0.1 | |
| Rpath Rpath Linux | =1 | |
| Redhat Enterprise Linux | =2.1 | |
| Redhat Enterprise Linux | =4.0 | |
| Redhat Enterprise Linux | =5.0 | |
| Redhat Enterprise Linux Desktop | =3.0 | |
| Redhat Linux Advanced Workstation | =2.1 | |
| Redhat Enterprise Linux | =4.0 | |
| Redhat Enterprise Linux | =3.0 | |
| Redhat Enterprise Linux | =5.0 | |
| Redhat Enterprise Linux | =2.1 | |
| Redhat Linux Advanced Workstation | =2.1 | |
| Redhat Enterprise Linux | =2.1 | |
| Redhat Enterprise Linux | =4.0 | |
| Redhat Enterprise Linux | =3.0 | |
| Redhat Enterprise Linux | =2.1 | |
| Redhat Enterprise Linux | =3.0 | |
| Redhat Enterprise Linux | =2.1 | |
| Redhat Enterprise Linux Desktop | =4.0 | |
| Redhat Enterprise Linux | =5.0 | |
| Redhat Enterprise Linux | =2.1 | |
| Openbsd Openbsd | =3.9 | |
| Openbsd Openbsd | =4.0 | |
| Mandrakesoft Mandrake Linux | =2007 | |
| Mandrakesoft Mandrake Linux | =2007 | |
| Mandrakesoft Mandrake Linux Corporate Server | =3.0 | |
| Mandrakesoft Mandrake Linux Corporate Server | =3.0 | |
| Mandrakesoft Mandrake Linux Corporate Server | =4.0 | |
| Mandrakesoft Mandrake Linux Corporate Server | =4.0 | |
| Mandrakesoft Mandrake Multi Network Firewall | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501
- http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
- http://www.redhat.com/support/errata/RHSA-2007-0126.html
- http://www.ubuntu.com/usn/usn-448-1
- http://www.securityfocus.com/bid/23283
- http://www.securitytracker.com/id?1017857
- http://secunia.com/advisories/24741
- http://secunia.com/advisories/24756
- http://secunia.com/advisories/24770
- http://issues.foresightlinux.org/browse/FL-223
- http://sourceforge.net/project/shownotes.php?release_id=498954
- https://issues.rpath.com/browse/RPL-1213
- http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954
- http://rhn.redhat.com/errata/RHSA-2007-0125.html
- http://www.redhat.com/support/errata/RHSA-2007-0132.html
- http://secunia.com/advisories/24745
- http://secunia.com/advisories/24758
- http://secunia.com/advisories/24765
- http://secunia.com/advisories/24768
- http://secunia.com/advisories/24771
- http://secunia.com/advisories/24772
- http://secunia.com/advisories/24776
- http://secunia.com/advisories/24791
- http://www.redhat.com/support/errata/RHSA-2007-0150.html
- http://www.securityfocus.com/bid/23402
- http://secunia.com/advisories/24885
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733
- http://www.novell.com/linux/security/advisories/2007_6_sr.html
- http://www.novell.com/linux/security/advisories/2007_27_x.html
- http://secunia.com/advisories/24889
- http://secunia.com/advisories/25004
- http://secunia.com/advisories/24921
- http://secunia.com/advisories/24996
- http://www.openbsd.org/errata39.html#021_xorg
- http://www.openbsd.org/errata40.html#011_xorg
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
- http://www.securityfocus.com/bid/23300
- http://secunia.com/advisories/25006
- http://security.gentoo.org/glsa/glsa-200705-02.xml
- http://security.gentoo.org/glsa/glsa-200705-10.xml
- http://secunia.com/advisories/25096
- http://secunia.com/advisories/25195
- http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm
- http://secunia.com/advisories/25216
- http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm
- http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
- http://www.debian.org/security/2007/dsa-1294
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:080
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:081
- http://secunia.com/advisories/25305
- http://secunia.com/advisories/25495
- http://www.debian.org/security/2008/dsa-1454
- http://secunia.com/advisories/28333
- http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
- http://secunia.com/advisories/30161
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
- http://secunia.com/advisories/33937
- http://support.apple.com/kb/HT3438
- http://www.vupen.com/english/advisories/2007/1548
- http://www.vupen.com/english/advisories/2007/1217
- http://www.vupen.com/english/advisories/2007/1264
- http://www.trustix.org/errata/2007/0013/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33417
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266
- http://www.securityfocus.com/archive/1/464816/100/0/threaded
- http://www.securityfocus.com/archive/1/464686/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ubuntu
- canonical/ubuntu ubuntu linux
- version/ubuntu ubuntu linux/6.10
- version/ubuntu ubuntu linux/5.10
- version/ubuntu ubuntu linux/6.06_lts
- vendor/xfree86 project
- canonical/xfree86 project x11r6
- version/xfree86 project x11r6/4.3.0.2
- version/xfree86 project x11r6/4.3.0
- vendor/x.org
- canonical/x.org libxfont
- version/x.org libxfont/1.2.2
- version/xfree86 project x11r6/4.3.0.1
- vendor/rpath
- canonical/rpath rpath linux
- version/rpath rpath linux/1
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/2.1
- version/redhat enterprise linux/4.0
- version/redhat enterprise linux/5.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/3.0
- canonical/redhat linux advanced workstation
- version/redhat linux advanced workstation/2.1
- version/redhat enterprise linux/3.0
- version/redhat enterprise linux desktop/4.0
- vendor/openbsd
- canonical/openbsd openbsd
- version/openbsd openbsd/3.9
- version/openbsd openbsd/4.0
- vendor/mandrakesoft
- canonical/mandrakesoft mandrake linux
- version/mandrakesoft mandrake linux/2007
- canonical/mandrakesoft mandrake linux corporate server
- version/mandrakesoft mandrake linux corporate server/3.0
- version/mandrakesoft mandrake linux corporate server/4.0
- canonical/mandrakesoft mandrake multi network firewall
- version/mandrakesoft mandrake multi network firewall/2.0