CVE - CVE-2007-1352

CVE-ID
CVE-2007-1352	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2007-11-14 URL:http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html APPLE:APPLE-SA-2009-02-12 URL:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html BID:23283 URL:http://www.securityfocus.com/bid/23283 BID:23300 URL:http://www.securityfocus.com/bid/23300 BUGTRAQ:20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs URL:http://www.securityfocus.com/archive/1/464686/100/0/threaded BUGTRAQ:20070405 FLEA-2007-0009-1: xorg-x11 freetype URL:http://www.securityfocus.com/archive/1/464816/100/0/threaded CONFIRM:http://issues.foresightlinux.org/browse/FL-223 CONFIRM:http://support.apple.com/kb/HT3438 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm CONFIRM:https://issues.rpath.com/browse/RPL-1213 DEBIAN:DSA-1294 URL:http://www.debian.org/security/2007/dsa-1294 GENTOO:GLSA-200705-10 URL:http://security.gentoo.org/glsa/glsa-200705-10.xml IDEFENSE:20070403 Multiple Vendor X Server fonts.dir File Parsing Integer Overflow Vulnerability URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=502 MANDRIVA:MDKSA-2007:079 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:079~~ (Obsolete source) MANDRIVA:MDKSA-2007:080 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:080~~ (Obsolete source) MLIST:[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont URL:http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html OPENBSD:[3.9] 021: SECURITY FIX: April 4, 2007 URL:http://www.openbsd.org/errata39.html#021_xorg OPENBSD:[4.0] 011: SECURITY FIX: April 4, 2007 URL:http://www.openbsd.org/errata40.html#011_xorg OVAL:oval:org.mitre.oval:def:10523 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10523 OVAL:oval:org.mitre.oval:def:13243 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13243 REDHAT:RHSA-2007:0125 URL:http://rhn.redhat.com/errata/RHSA-2007-0125.html REDHAT:RHSA-2007:0126 URL:http://www.redhat.com/support/errata/RHSA-2007-0126.html REDHAT:RHSA-2007:0132 URL:http://www.redhat.com/support/errata/RHSA-2007-0132.html SECTRACK:1017857 URL:http://www.securitytracker.com/id?1017857 SECUNIA:24741 URL:http://secunia.com/advisories/24741 SECUNIA:24745 URL:http://secunia.com/advisories/24745 SECUNIA:24756 URL:http://secunia.com/advisories/24756 SECUNIA:24758 URL:http://secunia.com/advisories/24758 SECUNIA:24765 URL:http://secunia.com/advisories/24765 SECUNIA:24770 URL:http://secunia.com/advisories/24770 SECUNIA:24771 URL:http://secunia.com/advisories/24771 SECUNIA:24772 URL:http://secunia.com/advisories/24772 SECUNIA:24791 URL:http://secunia.com/advisories/24791 SECUNIA:25004 URL:http://secunia.com/advisories/25004 SECUNIA:25006 URL:http://secunia.com/advisories/25006 SECUNIA:25195 URL:http://secunia.com/advisories/25195 SECUNIA:25216 URL:http://secunia.com/advisories/25216 SECUNIA:25305 URL:http://secunia.com/advisories/25305 SECUNIA:33937 URL:http://secunia.com/advisories/33937 SUNALERT:102886 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1~~ (Obsolete source) SUSE:SUSE-SA:2007:027 URL:http://www.novell.com/linux/security/advisories/2007_27_x.html UBUNTU:USN-448-1 URL:http://www.ubuntu.com/usn/usn-448-1 VUPEN:ADV-2007-1217 URL:~~http://www.vupen.com/english/advisories/2007/1217~~ (Obsolete source) VUPEN:ADV-2007-1548 URL:~~http://www.vupen.com/english/advisories/2007/1548~~ (Obsolete source) XF:xorg-fontsdir-bo(33419) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/33419
Assigning CNA
Red Hat, Inc.
Date Record Created
20070308	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070308)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)