2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2007-1351" ,
"sourceIdentifier" : "secalert@redhat.com" ,
"published" : "2007-04-06T01:19:00.000" ,
"lastModified" : "2018-10-16T16:38:01.957" ,
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow."
} ,
{
"lang" : "es" ,
"value" : "Desbordamiento de enteros en la funci\u00f3n bdfReadCharacters en (1) X.Org libXfont before 20070403 y (2) freetype 2.3.2 y permite a usuarios remotos validados ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de fuentes manipuladas BDF, las cueles dan como resultado un desbordamiento de pila."
}
] ,
"metrics" : {
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:S/C:C/I:C/A:C" ,
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "SINGLE" ,
"confidentialityImpact" : "COMPLETE" ,
"integrityImpact" : "COMPLETE" ,
"availabilityImpact" : "COMPLETE" ,
"baseScore" : 8.5
} ,
"baseSeverity" : "HIGH" ,
"exploitabilityScore" : 6.8 ,
"impactScore" : 10.0 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : true ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-189"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*" ,
"matchCriteriaId" : "86FD134D-A5C5-4B08-962D-70CF07C74923"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*" ,
"matchCriteriaId" : "FA84692E-F99D-4207-B4F2-799A6ADB88AD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*" ,
"matchCriteriaId" : "8B0F1091-4B76-44F5-B896-6D37E2F909A2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:sparc:*:*:*:*:*" ,
"matchCriteriaId" : "EF15862D-6108-4791-8817-622123C8D10C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:amd64:*:*:*:*:*" ,
"matchCriteriaId" : "F1672825-AB87-4402-A628-B33AE5B7D4C8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:i386:*:*:*:*:*" ,
"matchCriteriaId" : "939216D8-9E6C-419E-BC0A-EC7F0F29CE95"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:powerpc:*:*:*:*:*" ,
"matchCriteriaId" : "E520564E-964D-4758-945B-5EF0C35E605C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:sparc:*:*:*:*:*" ,
"matchCriteriaId" : "2294D5A7-7B36-497A-B0F1-514BC49E1423"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:amd64:*:*:*:*:*" ,
"matchCriteriaId" : "AB80939E-8B58-48B6-AFB7-9CF518C0EE1F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*" ,
"matchCriteriaId" : "80FF1759-5F86-4046-ABA3-EB7B0038F656"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:powerpc:*:*:*:*:*" ,
"matchCriteriaId" : "DF578B64-57E2-4FCD-A6E1-F8F3317FDB88"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:sparc:*:*:*:*:*" ,
"matchCriteriaId" : "61B11116-FA94-4989-89A1-C7B551D5195A"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:x.org:libxfont:1.2.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AFADBA5A-8168-40B8-B5CA-0F1F7F9193D2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E859A205-0DC2-4E28-8FF0-72D66DE9B280"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F18E8C7B-53AC-4BC7-9E00-A70293172B58"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0DD12BC0-1E50-49C6-AD0D-8CE90F0E8449"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*" ,
"matchCriteriaId" : "2641EE56-6F9D-400B-B456-877F4DA79B10"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*" ,
"matchCriteriaId" : "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*" ,
"matchCriteriaId" : "E0B458EA-495E-40FA-9379-C03757F7B1EE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*" ,
"matchCriteriaId" : "409E324A-C040-494F-A026-9DCAE01C07F8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*" ,
"matchCriteriaId" : "1728AB5D-55A9-46B0-A412-6F7263CAEB5A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*" ,
"matchCriteriaId" : "6474B775-C893-491F-A074-802AFB1FEDD8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*" ,
"matchCriteriaId" : "81B543F9-C209-46C2-B0AE-E14818A6992E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*" ,
"matchCriteriaId" : "EC79FF22-2664-4C40-B0B3-6D23B5F45162"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*" ,
"matchCriteriaId" : "DB89C970-DE94-4E09-A90A-077DB83AD156"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*" ,
"matchCriteriaId" : "F9440B25-D206-4914-9557-B5F030890DEC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*" ,
"matchCriteriaId" : "E9933557-3BCA-4D92-AD4F-27758A0D3347"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*" ,
"matchCriteriaId" : "10A60552-15A5-4E95-B3CE-99A4B26260C1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*" ,
"matchCriteriaId" : "FE524195-06F1-4504-9223-07596588CC70"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop_workstation:*:*:*:*:*" ,
"matchCriteriaId" : "2FEED00F-3B70-4E57-AD80-7903AECED14B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*" ,
"matchCriteriaId" : "40D71CBC-D365-4710-BAB5-8A1159F35E41"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7D74A418-50F0-42C0-ABBC-BBBE718FF025"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*" ,
"matchCriteriaId" : "84A50ED3-FD0D-4038-B3E7-CC65D166C968"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*" ,
"matchCriteriaId" : "8DBD9D3C-40AB-449D-A9A8-A09DF2DEDB96"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F5BB6C5D-4C43-4BB8-B1CE-A70BBE650CA1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CC77812C-D84E-493E-9D21-1BA6C2129E70"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "02362C25-B373-4FB1-AF4A-2AFC7F7D4387"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*" ,
"matchCriteriaId" : "19AD5F8D-6EB9-4E4B-9E82-FFBAB68797E9"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2BB0B27C-04EA-426F-9016-7406BACD91DF"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*" ,
"matchCriteriaId" : "BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "94F65351-C2DA-41C0-A3F9-1AE951E4386E"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*" ,
"matchCriteriaId" : "1B795F9F-AFB3-4A2A-ABC6-9246906800DE"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "77FF1412-A7DA-4669-8AE1-5A529AB387FB"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://issues.foresightlinux.org/browse/FL-223" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Patch"
]
} ,
{
"url" : "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://rhn.redhat.com/errata/RHSA-2007-0125.html" ,
"source" : "secalert@redhat.com"
} ,
2024-04-04 08:46:00 +00:00
{
"url" : "http://secunia.com/advisories/24741" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "http://secunia.com/advisories/24745" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/24756" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/24758" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/24765" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/24768" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/24770" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "http://secunia.com/advisories/24771" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/24772" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/24776" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/24791" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/24885" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/24889" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/24921" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/24996" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/25004" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/25006" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/25096" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/25195" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/25216" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/25305" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/25495" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/28333" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/30161" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/33937" ,
"source" : "secalert@redhat.com"
} ,
2023-04-24 12:24:31 +02:00
{
"url" : "http://security.gentoo.org/glsa/glsa-200705-02.xml" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://security.gentoo.org/glsa/glsa-200705-10.xml" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://sourceforge.net/project/shownotes.php?release_id=498954" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://support.apple.com/kb/HT3438" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.debian.org/security/2007/dsa-1294" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.debian.org/security/2008/dsa-1454" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.novell.com/linux/security/advisories/2007_27_x.html" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.novell.com/linux/security/advisories/2007_6_sr.html" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.openbsd.org/errata39.html#021_xorg" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.openbsd.org/errata40.html#011_xorg" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0126.html" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0132.html" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0150.html" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.securityfocus.com/archive/1/464686/100/0/threaded" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.securityfocus.com/archive/1/464816/100/0/threaded" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.securityfocus.com/bid/23283" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Patch"
]
} ,
{
"url" : "http://www.securityfocus.com/bid/23300" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.securityfocus.com/bid/23402" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.securitytracker.com/id?1017857" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.trustix.org/errata/2007/0013/" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.ubuntu.com/usn/usn-448-1" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.vupen.com/english/advisories/2007/1217" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.vupen.com/english/advisories/2007/1264" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.vupen.com/english/advisories/2007/1548" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://issues.rpath.com/browse/RPL-1213" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810" ,
"source" : "secalert@redhat.com"
}
]
}
