SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2007-1351

Date: (C)2007-04-05 (M)2023-12-22

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 8.5
Exploit Score: 6.8
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

SECTRACK-1017857

SUNALERT-102886

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501

http://www.securityfocus.com/archive/1/464686/100/0/threaded

http://www.securityfocus.com/archive/1/464816/100/0/threaded

APPLE-SA-2007-11-14

APPLE-SA-2009-02-12

SSA:2007-109-01

SUSE-SA:2007:027

SUSE-SR:2007:006

http://www.openbsd.org/errata39.html#021_xorg

http://www.openbsd.org/errata40.html#011_xorg

http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html

http://issues.foresightlinux.org/browse/FL-223

http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954

http://sourceforge.net/project/shownotes.php?release_id=498954

http://support.apple.com/kb/HT3438

http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm

http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm

https://issues.rpath.com/browse/RPL-1213

oval:org.mitre.oval:def:11266

oval:org.mitre.oval:def:1810

xorg-bdf-font-bo(33417)

cpe:/o:openbsd:openbsd:4.0
cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0
cpe:/o:mandrakesoft:mandrake_linux:2007
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0
...

oval:org.mitre.oval:def:8204

© SecPod Technologies