Rapid7 Vulnerability & Exploit Database

ELSA-2007-0132 Important: Enterprise Linux libXfont security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2007-0132 Important: Enterprise Linux libXfont security update

Severity

CVSS

(AV:N/AC:M/Au:S/C:C/I:C/A:C)

Published

04/05/2007

Created

07/25/2018

Added

12/20/2011

Modified

07/04/2017

Description

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

Solution(s)

oracle-linux-upgrade-libxfont
oracle-linux-upgrade-libxfont-devel

References

https://attackerkb.com/topics/cve-2007-1351
APPLE-SA-2007-11-14
APPLE-SA-2009-02-12
23283
23300
23402
CVE - 2007-1351
CVE - 2007-1352
DSA-1294
DSA-1454
OVAL10523
OVAL11266
OVAL13243
OVAL1810
RHSA-2007:0125
RHSA-2007:0126
RHSA-2007:0132
RHSA-2007:0150
SUSE-SA:2007:027
http://oss.oracle.com/pipermail/el-errata/2007-June/000231.html
33417
33419

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;