2007-04-06 03:19:00 2018-10-16 18:38:01

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

Vector: NETWORK
Complexity: MEDIUM
Authentication: SINGLE_INSTANCE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Redhat Enterprise linux 2.1 Enterprise server (not an official CPE)
Ubuntu Ubuntu linux 6.06 lts Sparc (not an official CPE)
Ubuntu Ubuntu linux 6.10 Amd64 (not an official CPE)
Ubuntu Ubuntu linux 6.06 lts Powerpc (not an official CPE)
Ubuntu Ubuntu linux 6.06 lts I386 (not an official CPE)
Ubuntu Ubuntu linux 5.10 I386 (not an official CPE)
Ubuntu Ubuntu linux 5.10 Powerpc (not an official CPE)
Ubuntu Ubuntu linux 5.10 Sparc (not an official CPE)
Ubuntu Ubuntu linux 6.06 lts Amd64 (not an official CPE)
Ubuntu Ubuntu linux 5.10 Amd64 (not an official CPE)
Rpath Rpath linux 1 (not an official CPE)
Redhat Linux advanced workstation 2.1 Itanium (not an official CPE)
Redhat Linux advanced workstation 2.1 Ia64 (not an official CPE)
Red Hat Desktop 3.0
Red Hat Desktop 4.0
Redhat Enterprise linux 5.0 Desktop workstation (not an official CPE)
Redhat Enterprise linux 5.0 Server (not an official CPE)
Redhat Enterprise linux 4.0 Workstation (not an official CPE)
Redhat Enterprise linux 5.0 Desktop (not an official CPE)
Redhat Enterprise linux 4.0 Enterprise server (not an official CPE)
Redhat Enterprise linux 3.0 Workstation (not an official CPE)
Redhat Enterprise linux 4.0 Advanced server (not an official CPE)
Redhat Enterprise linux 3.0 Enterprise server (not an official CPE)
Redhat Enterprise linux 3.0 Advanced servers (not an official CPE)
Redhat Enterprise linux 2.1 Workstation ia64 (not an official CPE)
Redhat Enterprise linux 2.1 Workstation (not an official CPE)
Redhat Enterprise linux 2.1 Enterprise server ia64 (not an official CPE)
Redhat Enterprise linux 2.1 Advanced server ia64 (not an official CPE)
Redhat Enterprise linux 2.1 Advanced server (not an official CPE)
OpenBSD 4.0
OpenBSD 3.9
Ubuntu Ubuntu linux 6.10 I386 (not an official CPE)
Ubuntu Ubuntu linux 6.10 Powerpc (not an official CPE)
Ubuntu Ubuntu linux 6.10 Sparc (not an official CPE)