Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.8
CVSSv2

CVE-2007-1352

Published: 06/04/2007 Updated: 16/10/2018
CVSS v2 Base Score: 3.8 | Impact Score: 4.9 | Exploitability Score: 4.4
VMScore: 338
Vector: AV:A/AC:M/Au:S/C:N/I:P/A:P
Subscribe to Mandrake Linux

Vulnerability Summary

Integer overflow in the FontFileInitTable function in X.Org libXfont prior to 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

Vulnerable Product Search on Vulmon Subscribe to Product

mandrakesoft mandrake_multi_network_firewall 2.0

x.org libxfont 1.2.2

redhat enterprise linux 2.1

redhat enterprise linux 3.0

redhat enterprise linux 4.0

redhat fedora core core_1.0

redhat linux 9.0

redhat enterprise linux desktop 5.0

redhat linux advanced workstation 2.1

redhat enterprise linux desktop 3.0

redhat enterprise linux desktop 4.0

slackware slackware linux current

slackware slackware linux 9.0

slackware slackware linux 9.1

turbolinux turbolinux desktop 10.0

ubuntu ubuntu linux 5.10

ubuntu ubuntu linux 6.06_lts

ubuntu ubuntu linux 6.10

ubuntu ubuntu linux 4.1

rpath linux 1

openbsd openbsd 3.9

openbsd openbsd 4.0

Vendor Advisories

Ubuntu Security Notice: freetype, libxfont, xorg, xorg-server vulnerabilities
Sean Larsson of iDefense Labs discovered that the MISC-XC extension of Xorg did not correctly verify the size of allocated memory An authenticated user could send a specially crafted X11 request and execute arbitrary code with root privileges (CVE-2007-1003) ...
Debian Security Advisories: DSA-1294-1 xfree86 -- several vulnerabilities
Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1003 Sean Larsson discovered an integer overflow in the XC-MISC extension, which might lead to denial of service or local privilege escalat ...

References

NVD-CWE-Otherhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=502http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0126.htmlhttp://www.ubuntu.com/usn/usn-448-1http://www.securityfocus.com/bid/23283http://www.securitytracker.com/id?1017857http://secunia.com/advisories/24741http://secunia.com/advisories/24756http://secunia.com/advisories/24770http://issues.foresightlinux.org/browse/FL-223https://issues.rpath.com/browse/RPL-1213http://rhn.redhat.com/errata/RHSA-2007-0125.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0132.htmlhttp://secunia.com/advisories/24745http://secunia.com/advisories/24758http://secunia.com/advisories/24765http://secunia.com/advisories/24771http://secunia.com/advisories/24772http://secunia.com/advisories/24791http://www.novell.com/linux/security/advisories/2007_27_x.htmlhttp://secunia.com/advisories/25004http://www.openbsd.org/errata39.html#021_xorghttp://www.openbsd.org/errata40.html#011_xorghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1http://www.securityfocus.com/bid/23300http://secunia.com/advisories/25006http://security.gentoo.org/glsa/glsa-200705-10.xmlhttp://secunia.com/advisories/25195http://support.avaya.com/elmodocs2/security/ASA-2007-178.htmhttp://secunia.com/advisories/25216http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.htmlhttp://www.debian.org/security/2007/dsa-1294http://www.mandriva.com/security/advisories?name=MDKSA-2007:079http://www.mandriva.com/security/advisories?name=MDKSA-2007:080http://secunia.com/advisories/25305http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.htmlhttp://secunia.com/advisories/33937http://support.apple.com/kb/HT3438http://www.vupen.com/english/advisories/2007/1548http://www.vupen.com/english/advisories/2007/1217https://exchange.xforce.ibmcloud.com/vulnerabilities/33419https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13243https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10523http://www.securityfocus.com/archive/1/464816/100/0/threadedhttp://www.securityfocus.com/archive/1/464686/100/0/threadedhttps://usn.ubuntu.com/448-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook