Description
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
References (68)
Core 68
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0150.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810
Vendor Advisory vendor-advisory
x_refsource_trustix
http://www.trustix.org/errata/2007/0013/
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24770
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24756
Product x_refsource_confirm
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23283
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0126.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24745
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24921
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33937
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24771
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200705-02.xml
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24889
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25006
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25495
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24996
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23300
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3438
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200705-10.xml
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-448-1
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:080
Vendor Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_6_sr.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:081
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2008/dsa-1454
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24758
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1264
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1017857
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24885
Vendor Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25096
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25195
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2007-0125.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24741
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24776
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28333
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24768
Various Sources mailing-list
x_refsource_mlist
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24791
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_27_x.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30161
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
Product x_refsource_confirm
http://sourceforge.net/project/shownotes.php?release_id=498954
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2007/dsa-1294
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24765
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25216
Patch third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/464686/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/464816/100/0/threaded
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1548
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33417
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1217
Various Sources vendor-advisory
x_refsource_openbsd
http://www.openbsd.org/errata40.html#011_xorg
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1213
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23402
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25004
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25305
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0132.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24772
Vendor Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm
Various Sources vendor-advisory
x_refsource_openbsd
http://www.openbsd.org/errata39.html#021_xorg
Various Sources x_refsource_confirm
http://issues.foresightlinux.org/browse/FL-223
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
Scores
EPSS
0.0777
EPSS Percentile
92.1%
Details
CWE
CWE-189
Status
published
Products (18)
mandrakesoft/mandrake_multi_network_firewall
2.0
openbsd/openbsd
3.9
openbsd/openbsd
4.0
redhat/enterprise_linux
2.1 (6 CPE variants)
redhat/enterprise_linux
3.0 (3 CPE variants)
redhat/enterprise_linux
4.0 (3 CPE variants)
redhat/enterprise_linux
5.0 (3 CPE variants)
redhat/enterprise_linux_desktop
3.0
redhat/enterprise_linux_desktop
4.0
redhat/linux_advanced_workstation
2.1 (2 CPE variants)
... and 8 more
Published
Apr 06, 2007
Tracked Since
Feb 18, 2026