CVE-2007-1351 - Vulnerability Details

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mandrakesoft	Mandrake Linux Mandrake Linux Corporate Server Mandrake Multi Network Firewall
Openbsd	Openbsd
Redhat	Enterprise Linux Enterprise Linux Desktop Linux Advanced Workstation
Rpath	Rpath Linux
Ubuntu	Ubuntu Linux
X.org	Libxfont
Xfree86 Project	X11r6

Configuration 1 [-]

OR	cpe:2.3:o:ubuntu:ubuntu_linux:5.10::amd64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:5.10::i386:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:5.10::powerpc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:5.10::sparc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::amd64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::i386:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::powerpc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::sparc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.10::amd64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.10::i386:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.10::powerpc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.10::sparc:::::

Configuration 2 [-]

OR	cpe:2.3:a:x.org:libxfont:1.2.2:::::::*
	cpe:2.3:a:xfree86_project:x11r6:4.3.0:::::::*
	cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:::::::*
	cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:::::::*

Configuration 3 [-]

cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_servers:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::workstation:::::
	cpe:2.3:o:redhat:enterprise_linux:4.0::advanced_server:::::
	cpe:2.3:o:redhat:enterprise_linux:4.0::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:4.0::workstation:::::
	cpe:2.3:o:redhat:enterprise_linux:5.0::desktop:::::
	cpe:2.3:o:redhat:enterprise_linux:5.0::desktop_workstation:::::
	cpe:2.3:o:redhat:enterprise_linux:5.0::server:::::
	cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:::::::*
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::ia64:::::
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::itanium:::::

Configuration 5 [-]

OR	cpe:2.3:o:openbsd:openbsd:3.9:::::::*
	cpe:2.3:o:openbsd:openbsd:4.0:::::::*

Configuration 6 [-]

AND

OR	cpe:2.3:o:mandrakesoft:mandrake_linux:2007:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux:2007::x86_64:::::
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:::::
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:::::

cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
XFree86-0:4.1.0-82.EL	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2007:0125	2007-04-03T00:00:00Z
Red Hat Enterprise Linux 3
XFree86-0:4.3.0-120.EL	cpe:/o:redhat:enterprise_linux:3	RHSA-2007:0125	2007-04-03T00:00:00Z
freetype-0:2.1.4-6.el3	cpe:/o:redhat:enterprise_linux:3	RHSA-2007:0150	2007-04-16T00:00:00Z
Red Hat Enterprise Linux 4
xorg-x11-0:6.8.2-1.EL.13.37.7	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:0126	2007-04-03T00:00:00Z
freetype-0:2.1.9-5.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:0150	2007-04-16T00:00:00Z
Red Hat Enterprise Linux 5
libXfont-0:1.2.2-1.0.2.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2007:0132	2007-04-03T00:00:00Z
freetype-0:2.2.1-17.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2007:0150	2007-04-16T00:00:00Z

References

Link	Providers
http://issues.foresightlinux.org/browse/FL-223
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
http://rhn.redhat.com/errata/RHSA-2007-0125.html
http://secunia.com/advisories/24741
http://secunia.com/advisories/24745
http://secunia.com/advisories/24756
http://secunia.com/advisories/24758
http://secunia.com/advisories/24765
http://secunia.com/advisories/24768
http://secunia.com/advisories/24770
http://secunia.com/advisories/24771
http://secunia.com/advisories/24772
http://secunia.com/advisories/24776
http://secunia.com/advisories/24791
http://secunia.com/advisories/24885
http://secunia.com/advisories/24889
http://secunia.com/advisories/24921
http://secunia.com/advisories/24996
http://secunia.com/advisories/25004
http://secunia.com/advisories/25006
http://secunia.com/advisories/25096
http://secunia.com/advisories/25195
http://secunia.com/advisories/25216
http://secunia.com/advisories/25305
http://secunia.com/advisories/25495
http://secunia.com/advisories/28333
http://secunia.com/advisories/30161
http://secunia.com/advisories/33937
http://security.gentoo.org/glsa/glsa-200705-02.xml
http://security.gentoo.org/glsa/glsa-200705-10.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954
http://sourceforge.net/project/shownotes.php?release_id=498954
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm
http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm
http://www.debian.org/security/2007/dsa-1294
http://www.debian.org/security/2008/dsa-1454
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
http://www.mandriva.com/security/advisories?name=MDKSA-2007:080
http://www.mandriva.com/security/advisories?name=MDKSA-2007:081
http://www.novell.com/linux/security/advisories/2007_27_x.html
http://www.novell.com/linux/security/advisories/2007_6_sr.html
http://www.openbsd.org/errata39.html#021_xorg
http://www.openbsd.org/errata40.html#011_xorg
http://www.redhat.com/support/errata/RHSA-2007-0126.html
http://www.redhat.com/support/errata/RHSA-2007-0132.html
http://www.redhat.com/support/errata/RHSA-2007-0150.html
http://www.securityfocus.com/archive/1/464686/100/0/threaded
http://www.securityfocus.com/archive/1/464816/100/0/threaded
http://www.securityfocus.com/bid/23283
http://www.securityfocus.com/bid/23300
http://www.securityfocus.com/bid/23402
http://www.securitytracker.com/id?1017857
http://www.trustix.org/errata/2007/0013/
http://www.ubuntu.com/usn/usn-448-1
http://www.vupen.com/english/advisories/2007/1217
http://www.vupen.com/english/advisories/2007/1264
http://www.vupen.com/english/advisories/2007/1548
https://exchange.xforce.ibmcloud.com/vulnerabilities/33417
https://issues.rpath.com/browse/RPL-1213
https://nvd.nist.gov/vuln/detail/CVE-2007-1351
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810
https://www.cve.org/CVERecord?id=CVE-2007-1351

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2007-04-06T01:00:00

Updated: 2024-08-07T12:50:35.134Z

Reserved: 2007-03-08T00:00:00

Link: CVE-2007-1351

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-04-06T01:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-1351

Redhat

Severity : Important

Publid Date: 2007-04-03T00:00:00Z

Links: CVE-2007-1351 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-03T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2007:0150", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html"}, {"name": "24745", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24745"}, {"name": "24921", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24921"}, {"name": "oval:org.mitre.oval:def:1810", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810"}, {"name": "33937", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33937"}, {"name": "2007-0013", "tags": ["vendor-advisory", "x_refsource_TRUSTIX"], "url": "http://www.trustix.org/errata/2007/0013/"}, {"name": "24771", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24771"}, {"name": "GLSA-200705-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml"}, {"name": "24889", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24889"}, {"name": "24770", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24770"}, {"name": "25006", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25006"}, {"name": "24756", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24756"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954"}, {"name": "25495", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25495"}, {"name": "24996", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24996"}, {"name": "23283", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23283"}, {"name": "RHSA-2007:0126", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html"}, {"name": "23300", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23300"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3438"}, {"name": "GLSA-200705-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml"}, {"name": "USN-448-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-448-1"}, {"name": "APPLE-SA-2009-02-12", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"name": "MDKSA-2007:080", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080"}, {"name": "SSA:2007-109-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733"}, {"name": "SUSE-SR:2007:006", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"}, {"name": "MDKSA-2007:081", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081"}, {"name": "DSA-1454", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1454"}, {"name": "24758", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24758"}, {"name": "ADV-2007-1264", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1264"}, {"name": "1017857", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017857"}, {"name": "24885", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24885"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm"}, {"name": "25096", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25096"}, {"name": "25195", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25195"}, {"name": "RHSA-2007:0125", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html"}, {"name": "24741", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24741"}, {"name": "APPLE-SA-2007-11-14", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"}, {"name": "24776", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24776"}, {"name": "28333", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28333"}, {"name": "24768", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24768"}, {"name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html"}, {"name": "24791", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24791"}, {"name": "SUSE-SA:2007:027", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html"}, {"name": "30161", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30161"}, {"name": "GLSA-200805-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=498954"}, {"name": "DSA-1294", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1294"}, {"name": "24765", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24765"}, {"name": "25216", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25216"}, {"name": "20070403 Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501"}, {"name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded"}, {"name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded"}, {"name": "ADV-2007-1548", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1548"}, {"name": "xorg-bdf-font-bo(33417)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417"}, {"name": "102886", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1"}, {"name": "ADV-2007-1217", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1217"}, {"name": "[4.0] 011: SECURITY FIX: April 4, 2007", "tags": ["vendor-advisory", "x_refsource_OPENBSD"], "url": "http://www.openbsd.org/errata40.html#011_xorg"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1213"}, {"name": "23402", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23402"}, {"name": "25004", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25004"}, {"name": "25305", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25305"}, {"name": "oval:org.mitre.oval:def:11266", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266"}, {"name": "RHSA-2007:0132", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html"}, {"name": "24772", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24772"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm"}, {"name": "[3.9] 021: SECURITY FIX: April 4, 2007", "tags": ["vendor-advisory", "x_refsource_OPENBSD"], "url": "http://www.openbsd.org/errata39.html#021_xorg"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://issues.foresightlinux.org/browse/FL-223"}, {"name": "MDKSA-2007:079", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2007-1351", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2007:0150", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html"}, {"name": "24745", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24745"}, {"name": "24921", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24921"}, {"name": "oval:org.mitre.oval:def:1810", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810"}, {"name": "33937", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33937"}, {"name": "2007-0013", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0013/"}, {"name": "24771", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24771"}, {"name": "GLSA-200705-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml"}, {"name": "24889", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24889"}, {"name": "24770", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24770"}, {"name": "25006", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25006"}, {"name": "24756", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24756"}, {"name": "http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954"}, {"name": "25495", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25495"}, {"name": "24996", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24996"}, {"name": "23283", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23283"}, {"name": "RHSA-2007:0126", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html"}, {"name": "23300", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23300"}, {"name": "http://support.apple.com/kb/HT3438", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3438"}, {"name": "GLSA-200705-10", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml"}, {"name": "USN-448-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-448-1"}, {"name": "APPLE-SA-2009-02-12", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"name": "MDKSA-2007:080", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080"}, {"name": "SSA:2007-109-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733"}, {"name": "SUSE-SR:2007:006", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"}, {"name": "MDKSA-2007:081", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081"}, {"name": "DSA-1454", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1454"}, {"name": "24758", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24758"}, {"name": "ADV-2007-1264", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1264"}, {"name": "1017857", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017857"}, {"name": "24885", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24885"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm"}, {"name": "25096", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25096"}, {"name": "25195", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25195"}, {"name": "RHSA-2007:0125", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html"}, {"name": "24741", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24741"}, {"name": "APPLE-SA-2007-11-14", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"}, {"name": "24776", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24776"}, {"name": "28333", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28333"}, {"name": "24768", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24768"}, {"name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont", "refsource": "MLIST", "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html"}, {"name": "24791", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24791"}, {"name": "SUSE-SA:2007:027", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html"}, {"name": "30161", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30161"}, {"name": "GLSA-200805-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=498954", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=498954"}, {"name": "DSA-1294", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1294"}, {"name": "24765", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24765"}, {"name": "25216", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25216"}, {"name": "20070403 Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501"}, {"name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded"}, {"name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded"}, {"name": "ADV-2007-1548", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1548"}, {"name": "xorg-bdf-font-bo(33417)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417"}, {"name": "102886", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1"}, {"name": "ADV-2007-1217", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1217"}, {"name": "[4.0] 011: SECURITY FIX: April 4, 2007", "refsource": "OPENBSD", "url": "http://www.openbsd.org/errata40.html#011_xorg"}, {"name": "https://issues.rpath.com/browse/RPL-1213", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1213"}, {"name": "23402", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23402"}, {"name": "25004", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25004"}, {"name": "25305", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25305"}, {"name": "oval:org.mitre.oval:def:11266", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266"}, {"name": "RHSA-2007:0132", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html"}, {"name": "24772", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24772"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm"}, {"name": "[3.9] 021: SECURITY FIX: April 4, 2007", "refsource": "OPENBSD", "url": "http://www.openbsd.org/errata39.html#021_xorg"}, {"name": "http://issues.foresightlinux.org/browse/FL-223", "refsource": "CONFIRM", "url": "http://issues.foresightlinux.org/browse/FL-223"}, {"name": "MDKSA-2007:079", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:50:35.134Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2007:0150", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html"}, {"name": "24745", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24745"}, {"name": "24921", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24921"}, {"name": "oval:org.mitre.oval:def:1810", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810"}, {"name": "33937", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33937"}, {"name": "2007-0013", "tags": ["vendor-advisory", "x_refsource_TRUSTIX", "x_transferred"], "url": "http://www.trustix.org/errata/2007/0013/"}, {"name": "24771", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24771"}, {"name": "GLSA-200705-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml"}, {"name": "24889", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24889"}, {"name": "24770", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24770"}, {"name": "25006", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25006"}, {"name": "24756", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24756"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954"}, {"name": "25495", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25495"}, {"name": "24996", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24996"}, {"name": "23283", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23283"}, {"name": "RHSA-2007:0126", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html"}, {"name": "23300", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23300"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3438"}, {"name": "GLSA-200705-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml"}, {"name": "USN-448-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-448-1"}, {"name": "APPLE-SA-2009-02-12", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"name": "MDKSA-2007:080", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080"}, {"name": "SSA:2007-109-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733"}, {"name": "SUSE-SR:2007:006", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"}, {"name": "MDKSA-2007:081", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081"}, {"name": "DSA-1454", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1454"}, {"name": "24758", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24758"}, {"name": "ADV-2007-1264", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1264"}, {"name": "1017857", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017857"}, {"name": "24885", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24885"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm"}, {"name": "25096", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25096"}, {"name": "25195", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25195"}, {"name": "RHSA-2007:0125", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html"}, {"name": "24741", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24741"}, {"name": "APPLE-SA-2007-11-14", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"}, {"name": "24776", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24776"}, {"name": "28333", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28333"}, {"name": "24768", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24768"}, {"name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html"}, {"name": "24791", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24791"}, {"name": "SUSE-SA:2007:027", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html"}, {"name": "30161", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30161"}, {"name": "GLSA-200805-07", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=498954"}, {"name": "DSA-1294", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1294"}, {"name": "24765", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24765"}, {"name": "25216", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25216"}, {"name": "20070403 Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501"}, {"name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded"}, {"name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded"}, {"name": "ADV-2007-1548", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1548"}, {"name": "xorg-bdf-font-bo(33417)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417"}, {"name": "102886", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1"}, {"name": "ADV-2007-1217", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1217"}, {"name": "[4.0] 011: SECURITY FIX: April 4, 2007", "tags": ["vendor-advisory", "x_refsource_OPENBSD", "x_transferred"], "url": "http://www.openbsd.org/errata40.html#011_xorg"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-1213"}, {"name": "23402", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23402"}, {"name": "25004", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25004"}, {"name": "25305", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25305"}, {"name": "oval:org.mitre.oval:def:11266", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266"}, {"name": "RHSA-2007:0132", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html"}, {"name": "24772", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24772"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm"}, {"name": "[3.9] 021: SECURITY FIX: April 4, 2007", "tags": ["vendor-advisory", "x_refsource_OPENBSD", "x_transferred"], "url": "http://www.openbsd.org/errata39.html#021_xorg"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://issues.foresightlinux.org/browse/FL-223"}, {"name": "MDKSA-2007:079", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-1351", "datePublished": "2007-04-06T01:00:00", "dateReserved": "2007-03-08T00:00:00", "dateUpdated": "2024-08-07T12:50:35.134Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*", "matchCriteriaId": "86FD134D-A5C5-4B08-962D-70CF07C74923", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*", "matchCriteriaId": "FA84692E-F99D-4207-B4F2-799A6ADB88AD", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*", "matchCriteriaId": "8B0F1091-4B76-44F5-B896-6D37E2F909A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:sparc:*:*:*:*:*", "matchCriteriaId": "EF15862D-6108-4791-8817-622123C8D10C", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:amd64:*:*:*:*:*", "matchCriteriaId": "F1672825-AB87-4402-A628-B33AE5B7D4C8", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:i386:*:*:*:*:*", "matchCriteriaId": "939216D8-9E6C-419E-BC0A-EC7F0F29CE95", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:powerpc:*:*:*:*:*", "matchCriteriaId": "E520564E-964D-4758-945B-5EF0C35E605C", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:sparc:*:*:*:*:*", "matchCriteriaId": "2294D5A7-7B36-497A-B0F1-514BC49E1423", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:amd64:*:*:*:*:*", "matchCriteriaId": "AB80939E-8B58-48B6-AFB7-9CF518C0EE1F", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*", "matchCriteriaId": "80FF1759-5F86-4046-ABA3-EB7B0038F656", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:powerpc:*:*:*:*:*", "matchCriteriaId": "DF578B64-57E2-4FCD-A6E1-F8F3317FDB88", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:sparc:*:*:*:*:*", "matchCriteriaId": "61B11116-FA94-4989-89A1-C7B551D5195A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x.org:libxfont:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AFADBA5A-8168-40B8-B5CA-0F1F7F9193D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E859A205-0DC2-4E28-8FF0-72D66DE9B280", "vulnerable": true}, {"criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F18E8C7B-53AC-4BC7-9E00-A70293172B58", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*", "matchCriteriaId": "0DD12BC0-1E50-49C6-AD0D-8CE90F0E8449", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*", "matchCriteriaId": "81B543F9-C209-46C2-B0AE-E14818A6992E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*", "matchCriteriaId": "DB89C970-DE94-4E09-A90A-077DB83AD156", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "F9440B25-D206-4914-9557-B5F030890DEC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "E9933557-3BCA-4D92-AD4F-27758A0D3347", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*", "matchCriteriaId": "10A60552-15A5-4E95-B3CE-99A4B26260C1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*", "matchCriteriaId": "FE524195-06F1-4504-9223-07596588CC70", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop_workstation:*:*:*:*:*", "matchCriteriaId": "2FEED00F-3B70-4E57-AD80-7903AECED14B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*", "matchCriteriaId": "40D71CBC-D365-4710-BAB5-8A1159F35E41", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", "matchCriteriaId": "84A50ED3-FD0D-4038-B3E7-CC65D166C968", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*", "matchCriteriaId": "8DBD9D3C-40AB-449D-A9A8-A09DF2DEDB96", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*", "matchCriteriaId": "F5BB6C5D-4C43-4BB8-B1CE-A70BBE650CA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC77812C-D84E-493E-9D21-1BA6C2129E70", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*", "matchCriteriaId": "02362C25-B373-4FB1-AF4A-2AFC7F7D4387", "vulnerable": false}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*", "matchCriteriaId": "19AD5F8D-6EB9-4E4B-9E82-FFBAB68797E9", "vulnerable": false}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BB0B27C-04EA-426F-9016-7406BACD91DF", "vulnerable": false}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC", "vulnerable": false}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "94F65351-C2DA-41C0-A3F9-1AE951E4386E", "vulnerable": false}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "1B795F9F-AFB3-4A2A-ABC6-9246906800DE", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "77FF1412-A7DA-4669-8AE1-5A529AB387FB", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow."}, {"lang": "es", "value": "Desbordamiento de enteros en la funci\u00f3n bdfReadCharacters en (1) X.Org libXfont before 20070403 y (2) freetype 2.3.2 y permite a usuarios remotos validados ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de fuentes manipuladas BDF, las cueles dan como resultado un desbordamiento de pila."}], "id": "CVE-2007-1351", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-06T01:19:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://issues.foresightlinux.org/browse/FL-223"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501"}, {"source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"}, {"source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"source": "secalert@redhat.com", "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24741"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24745"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24756"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24758"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24765"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24768"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24770"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24771"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24772"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24776"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24791"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24885"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24889"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24921"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24996"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25004"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25006"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25096"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25195"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25216"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25305"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25495"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/28333"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30161"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33937"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml"}, {"source": "secalert@redhat.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733"}, {"source": "secalert@redhat.com", "url": "http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954"}, {"source": "secalert@redhat.com", "url": "http://sourceforge.net/project/shownotes.php?release_id=498954"}, {"source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1"}, {"source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT3438"}, {"source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm"}, {"source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2007/dsa-1294"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2008/dsa-1454"}, {"source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081"}, {"source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html"}, {"source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"}, {"source": "secalert@redhat.com", "url": "http://www.openbsd.org/errata39.html#021_xorg"}, {"source": "secalert@redhat.com", "url": "http://www.openbsd.org/errata40.html#011_xorg"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/23283"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/23300"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/23402"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1017857"}, {"source": "secalert@redhat.com", "url": "http://www.trustix.org/errata/2007/0013/"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-448-1"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/1217"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/1264"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/1548"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417"}, {"source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-1213"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://issues.foresightlinux.org/browse/FL-223"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24741"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24745"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24756"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24758"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24765"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24768"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24770"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24771"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24772"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24776"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24791"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24885"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24889"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24921"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24996"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25004"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25006"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25096"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25195"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25216"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25305"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25495"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28333"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30161"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33937"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=498954"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1294"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1454"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openbsd.org/errata39.html#021_xorg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openbsd.org/errata40.html#011_xorg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/23283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23300"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23402"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017857"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2007/0013/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-448-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1217"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1264"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1548"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1213"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank iDefense for reporting this issue.", "affected_release": [{"advisory": "RHSA-2007:0125", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "XFree86-0:4.1.0-82.EL", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2007-04-03T00:00:00Z"}, {"advisory": "RHSA-2007:0125", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "XFree86-0:4.3.0-120.EL", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2007-04-03T00:00:00Z"}, {"advisory": "RHSA-2007:0150", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "freetype-0:2.1.4-6.el3", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2007-04-16T00:00:00Z"}, {"advisory": "RHSA-2007:0126", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "xorg-x11-0:6.8.2-1.EL.13.37.7", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-04-03T00:00:00Z"}, {"advisory": "RHSA-2007:0150", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "freetype-0:2.1.9-5.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-04-16T00:00:00Z"}, {"advisory": "RHSA-2007:0132", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "libXfont-0:1.2.2-1.0.2.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-04-03T00:00:00Z"}, {"advisory": "RHSA-2007:0150", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "freetype-0:2.2.1-17.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-04-16T00:00:00Z"}], "bugzilla": {"description": "Multiple font integer overflows (CVE-2007-1352)", "id": "235265", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=235265"}, "csaw": false, "details": ["Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow."], "name": "CVE-2007-1351", "public_date": "2007-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-1351\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-1351"], "threat_severity": "Important"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object