CVE-2007-1352

Severity

38%

Complexity

44%

Confidentiality

81%

The vendor has addressed this vulnerability in the following product update: http://xorg.freedesktop.org/archive/X11R7.2/patches/

Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

The vendor has addressed this vulnerability in the following product update: http://xorg.freedesktop.org/archive/X11R7.2/patches/

CVSS 2.0 Base Score 3.8. CVSS Attack Vector: adjacent_network. CVSS Attack Complexity: medium. CVSS Vector: (AV:A/AC:M/Au:S/C:N/I:P/A:P).

Overview

First reported 18 years ago

2007-04-06 01:19:00

Last updated 6 years ago

2018-10-16 16:38:00

Affected Software

Red Hat Desktop 3.0

3.0

Red Hat Desktop 4.0

4.0

Slackware Linux 9.0

9.0

Slackware Linux 9.1

9.1

Slackware Linux current

current

OpenBSD 3.9

3.9

OpenBSD 4.0

4.0

References

http://issues.foresightlinux.org/browse/FL-223

20070403 Multiple Vendor X Server fonts.dir File Parsing Integer Overflow Vulnerability

APPLE-SA-2007-11-14

APPLE-SA-2009-02-12

[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont

RHSA-2007:0125

24741

Vendor Advisory

24745

24756

Patch, Vendor Advisory

24758

24765

24770

Patch, Vendor Advisory

24771

24772

24791

25004

25006

25195

25216

25305

33937

GLSA-200705-10

102886

http://support.apple.com/kb/HT3438

http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm

DSA-1294

MDKSA-2007:079

MDKSA-2007:080

SUSE-SA:2007:027

[3.9] 021: SECURITY FIX: April 4, 2007

[4.0] 011: SECURITY FIX: April 4, 2007

RHSA-2007:0126

Vendor Advisory

RHSA-2007:0132

20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs

20070405 FLEA-2007-0009-1: xorg-x11 freetype

23283

23300

1017857

USN-448-1

ADV-2007-1217

ADV-2007-1548

xorg-fontsdir-bo(33419)

https://issues.rpath.com/browse/RPL-1213

oval:org.mitre.oval:def:10523

oval:org.mitre.oval:def:13243

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.