Rapid7 Vulnerability & Exploit Database

Gentoo Linux: CVE-2007-1351: FreeType: User-assisted execution of arbitrary code

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

Gentoo Linux: CVE-2007-1351: FreeType: User-assisted execution of arbitrary code

Severity

CVSS

(AV:N/AC:M/Au:S/C:C/I:C/A:C)

Published

04/05/2007

Created

07/25/2018

Added

10/30/2017

Modified

10/29/2021

Description

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

Solution(s)

gentoo-linux-upgrade-media-libs-freetype
gentoo-linux-upgrade-net-misc-tightvnc
gentoo-linux-upgrade-x11-libs-libxfont

References

https://attackerkb.com/topics/cve-2007-1351
APPLE-SA-2007-11-14
APPLE-SA-2009-02-12
23283
23300
23402
CVE - 2007-1351
DSA-1294
DSA-1454
200705-02
200705-10
OVAL11266
OVAL1810
RHSA-2007:0125
RHSA-2007:0126
RHSA-2007:0132
RHSA-2007:0150
SUSE-SA:2007:027
33417

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;