Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
3.8
CVSSv2

CVE-2007-1352

Published: 06/04/2007 Updated: 16/10/2018
CVSS v2 Base Score: 3.8 | Impact Score: 4.9 | Exploitability Score: 4.4
VMScore: 338
Vector: AV:A/AC:M/Au:S/C:N/I:P/A:P

Vulnerability Summary

Integer overflow in the FontFileInitTable function in X.Org libXfont prior to 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

Vulnerable Product Search on Vulmon Subscribe to Product

mandrakesoft mandrake multi network firewall 2.0

x.org libxfont 1.2.2

redhat enterprise linux 2.1

redhat enterprise linux 4.0

redhat enterprise linux desktop 3.0

redhat linux advanced workstation 2.1

redhat enterprise linux 3.0

redhat fedora core core 1.0

redhat linux 9.0

redhat enterprise linux desktop 5.0

redhat enterprise linux desktop 4.0

slackware slackware linux 9.0

slackware slackware linux 9.1

slackware slackware linux current

turbolinux turbolinux desktop 10.0

ubuntu ubuntu linux 6.10

ubuntu ubuntu linux 4.1

ubuntu ubuntu linux 5.10

ubuntu ubuntu linux 6.06 lts

rpath linux 1

openbsd openbsd 3.9

openbsd openbsd 4.0

Vendor Advisories

Ubuntu Security Notice: freetype, libxfont, xorg, xorg-server vulnerabilities
Sean Larsson of iDefense Labs discovered that the MISC-XC extension of Xorg did not correctly verify the size of allocated memory An authenticated user could send a specially crafted X11 request and execute arbitrary code with root privileges (CVE-2007-1003) ...
Debian Security Advisories: DSA-1294-1 xfree86 -- several vulnerabilities
Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1003 Sean Larsson discovered an integer overflow in the XC-MISC extension, which might lead to denial of service or local privilege escalat ...

References

NVD-CWE-Otherhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=502http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0126.htmlhttp://www.ubuntu.com/usn/usn-448-1http://www.securityfocus.com/bid/23283http://www.securitytracker.com/id?1017857http://secunia.com/advisories/24741http://secunia.com/advisories/24756http://secunia.com/advisories/24770http://issues.foresightlinux.org/browse/FL-223https://issues.rpath.com/browse/RPL-1213http://rhn.redhat.com/errata/RHSA-2007-0125.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0132.htmlhttp://secunia.com/advisories/24745http://secunia.com/advisories/24758http://secunia.com/advisories/24765http://secunia.com/advisories/24771http://secunia.com/advisories/24772http://secunia.com/advisories/24791http://www.novell.com/linux/security/advisories/2007_27_x.htmlhttp://secunia.com/advisories/25004http://www.openbsd.org/errata39.html#021_xorghttp://www.openbsd.org/errata40.html#011_xorghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1http://www.securityfocus.com/bid/23300http://secunia.com/advisories/25006http://security.gentoo.org/glsa/glsa-200705-10.xmlhttp://secunia.com/advisories/25195http://support.avaya.com/elmodocs2/security/ASA-2007-178.htmhttp://secunia.com/advisories/25216http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.htmlhttp://www.debian.org/security/2007/dsa-1294http://www.mandriva.com/security/advisories?name=MDKSA-2007:079http://www.mandriva.com/security/advisories?name=MDKSA-2007:080http://secunia.com/advisories/25305http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.htmlhttp://secunia.com/advisories/33937http://support.apple.com/kb/HT3438http://www.vupen.com/english/advisories/2007/1548http://www.vupen.com/english/advisories/2007/1217https://exchange.xforce.ibmcloud.com/vulnerabilities/33419https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13243https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10523http://www.securityfocus.com/archive/1/464816/100/0/threadedhttp://www.securityfocus.com/archive/1/464686/100/0/threadedhttps://nvd.nist.govhttps://usn.ubuntu.com/448-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080log injectionCVE-2024-6041CVE-2024-37661XML external entityCVE-2024-0845privilege escalationCVE-2023-37057CVE-2024-27801
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook