Vulnerability in Mandrakesoft Mandrake_linux

CVE-2007-1351

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a h…

EPSS: 0.056 (91.9th percentile) — read the EPSS interpretation.

Affected products

Mandrakesoft Mandrake_linux — versions 2007
Mandrakesoft Mandrake_linux_corporate_server — versions 3.0, 4.0
Mandrakesoft Mandrake_multi_network_firewall — versions 2.0
Openbsd — versions 3.9, 4.0
Rpath Rpath_linux — versions 1
Xfree86_project X11r6 — versions 4.3.0, 4.3.0.1, 4.3.0.2
X.org Libxfont — versions 1.2.2
Redhat Enterprise_linux — versions 2.1, 3.0, 4.0
Redhat Enterprise_linux_desktop — versions 3.0, 4.0
Redhat Linux_advanced_workstation — versions 2.1

Weakness classification (CWE)

CWE-189

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_OVAL, signature, vdb-entry)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (vendor-advisory, x_refsource_TRUSTIX)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (vendor-advisory, x_refsource_GENTOO)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)