nvd-json-data-feeds/CVE-2007/CVE-2007-13xx/CVE-2007-1351.json

{
  "id": "CVE-2007-1351",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2007-04-06T01:19:00.000",
  "lastModified": "2018-10-16T16:38:01.957",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de enteros en la funci\u00f3n bdfReadCharacters en (1) X.Org libXfont before 20070403 y (2) freetype 2.3.2 y permite a usuarios remotos validados ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de fuentes manipuladas BDF, las cueles dan como resultado un desbordamiento de pila."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": true,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*",
              "matchCriteriaId": "86FD134D-A5C5-4B08-962D-70CF07C74923"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*",
              "matchCriteriaId": "FA84692E-F99D-4207-B4F2-799A6ADB88AD"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*",
              "matchCriteriaId": "8B0F1091-4B76-44F5-B896-6D37E2F909A2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "EF15862D-6108-4791-8817-622123C8D10C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:amd64:*:*:*:*:*",
              "matchCriteriaId": "F1672825-AB87-4402-A628-B33AE5B7D4C8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:i386:*:*:*:*:*",
              "matchCriteriaId": "939216D8-9E6C-419E-BC0A-EC7F0F29CE95"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:powerpc:*:*:*:*:*",
              "matchCriteriaId": "E520564E-964D-4758-945B-5EF0C35E605C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "2294D5A7-7B36-497A-B0F1-514BC49E1423"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:amd64:*:*:*:*:*",
              "matchCriteriaId": "AB80939E-8B58-48B6-AFB7-9CF518C0EE1F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*",
              "matchCriteriaId": "80FF1759-5F86-4046-ABA3-EB7B0038F656"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:powerpc:*:*:*:*:*",
              "matchCriteriaId": "DF578B64-57E2-4FCD-A6E1-F8F3317FDB88"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "61B11116-FA94-4989-89A1-C7B551D5195A"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:x.org:libxfont:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFADBA5A-8168-40B8-B5CA-0F1F7F9193D2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E859A205-0DC2-4E28-8FF0-72D66DE9B280"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F18E8C7B-53AC-4BC7-9E00-A70293172B58"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DD12BC0-1E50-49C6-AD0D-8CE90F0E8449"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
              "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
              "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
              "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
              "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*",
              "matchCriteriaId": "81B543F9-C209-46C2-B0AE-E14818A6992E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*",
              "matchCriteriaId": "DB89C970-DE94-4E09-A90A-077DB83AD156"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "F9440B25-D206-4914-9557-B5F030890DEC"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "E9933557-3BCA-4D92-AD4F-27758A0D3347"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*",
              "matchCriteriaId": "10A60552-15A5-4E95-B3CE-99A4B26260C1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*",
              "matchCriteriaId": "FE524195-06F1-4504-9223-07596588CC70"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop_workstation:*:*:*:*:*",
              "matchCriteriaId": "2FEED00F-3B70-4E57-AD80-7903AECED14B"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*",
              "matchCriteriaId": "40D71CBC-D365-4710-BAB5-8A1159F35E41"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "84A50ED3-FD0D-4038-B3E7-CC65D166C968"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "8DBD9D3C-40AB-449D-A9A8-A09DF2DEDB96"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5BB6C5D-4C43-4BB8-B1CE-A70BBE650CA1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC77812C-D84E-493E-9D21-1BA6C2129E70"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "02362C25-B373-4FB1-AF4A-2AFC7F7D4387"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "19AD5F8D-6EB9-4E4B-9E82-FFBAB68797E9"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB0B27C-04EA-426F-9016-7406BACD91DF"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94F65351-C2DA-41C0-A3F9-1AE951E4386E"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "1B795F9F-AFB3-4A2A-ABC6-9246906800DE"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77FF1412-A7DA-4669-8AE1-5A529AB387FB"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://issues.foresightlinux.org/browse/FL-223",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501",
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/24741",
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://secunia.com/advisories/24745",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/24756",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/24758",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/24765",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/24768",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/24770",
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://secunia.com/advisories/24771",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/24772",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/24776",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/24791",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/24885",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/24889",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/24921",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/24996",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/25004",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/25006",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/25096",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/25195",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/25216",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/25305",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/25495",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/28333",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/30161",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/33937",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://sourceforge.net/project/shownotes.php?release_id=498954",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://support.apple.com/kb/HT3438",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.debian.org/security/2007/dsa-1294",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.debian.org/security/2008/dsa-1454",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.openbsd.org/errata39.html#021_xorg",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.openbsd.org/errata40.html#011_xorg",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.securityfocus.com/bid/23283",
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "http://www.securityfocus.com/bid/23300",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.securityfocus.com/bid/23402",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.securitytracker.com/id?1017857",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.trustix.org/errata/2007/0013/",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.ubuntu.com/usn/usn-448-1",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.vupen.com/english/advisories/2007/1217",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.vupen.com/english/advisories/2007/1264",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.vupen.com/english/advisories/2007/1548",
      "source": "secalert@redhat.com"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417",
      "source": "secalert@redhat.com"
    },
    {
      "url": "https://issues.rpath.com/browse/RPL-1213",
      "source": "secalert@redhat.com"
    },
    {
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266",
      "source": "secalert@redhat.com"
    },
    {
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810",
      "source": "secalert@redhat.com"
    }
  ]
}