CVE-2007-1351

General

Score: 8.5/10.0
Severity: High
Category: Numeric Error

Impact Metrics

Confidentiality: Complete
Integrity: Complete
Availability: Complete

Exploitability Metrics

Access Vector: Network
Access Complexity: Medium
Authentication: Single

Related vulnerabilities

CVE-2006-1861, CVE-2006-3467, CVE-2007-1003, CVE-2007-1352, CVE-2007-1667, CVE-2007-2754, CVE-2007-3756, CVE-2007-3758, CVE-2007-3760, CVE-2007-4565, CVE-2007-4671, CVE-2007-4692, CVE-2007-4698, CVE-2007-4812, CVE-2007-4965, CVE-2008-0534, CVE-2008-0535, CVE-2008-0536, CVE-2008-1377, CVE-2008-1379, CVE-2008-1679, CVE-2008-1721, CVE-2008-1806, CVE-2008-1807, CVE-2008-1808, CVE-2008-1887, CVE-2008-1927, CVE-2008-2315, CVE-2008-2316, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362, CVE-2008-2379, CVE-2008-2711, CVE-2008-3142, CVE-2008-3144, CVE-2008-3663, CVE-2008-4864, CVE-2008-5031, CVE-2008-5050, CVE-2008-5183, CVE-2008-5314, CVE-2009-0009, CVE-2009-0011, CVE-2009-0012, CVE-2009-0013, CVE-2009-0014, CVE-2009-0015, CVE-2009-0017, CVE-2009-0018, CVE-2009-0019, CVE-2009-0020, CVE-2009-0137, CVE-2009-0138, CVE-2009-0139, CVE-2009-0140, CVE-2009-0141, CVE-2009-0142

Published on 06/04/07 - Updated on 16/10/18

Description

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

Category: Numeric Error

CWE-189 (Numeric Errors)
Weaknesses in this category are related to improper calculation or conversion of numbers.

Security Notices

US National Vulnerability Database CVE-2007-1351
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2007-AVI-177, CERTA-2009-AVI-068
Renater 2007/VULN176, 2007/VULN180, 2007/VULN201, 2007/VULN216, 2007/VULN240, 2007/VULN443, 2009/VULN046

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor             Product
mandrakesoft       mandrake_multi_network_firewall
openbsd            openbsd
redhat             enterprise_linux
redhat             enterprise_linux_desktop
redhat             linux_advanced_workstation
rpath              rpath_linux
ubuntu             ubuntu_linux
x.org              libxfont
xfree86_project    x11r6
