// For flags

CVE-2007-1352

Multiple font integer overflows (CVE-2007-1352)

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

Desbordamiento de entero en la función FontFileInitTable en X.Org libXfont versiones anteriores a 20070403 permite a usuarios remotos autenticados ejecutar código de su elección mediante una primera línea larga en el fichero fonts.dir, lo cual resulta en un desbordamiento de montón.

Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. Multiple integer overflows in the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Adjacent
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-03-08 CVE Reserved
  • 2007-04-05 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (47)
URL Tag Source
http://issues.foresightlinux.org/browse/FL-223 X_refsource_confirm
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=502 Third Party Advisory
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html Mailing List
http://secunia.com/advisories/24745 Third Party Advisory
http://secunia.com/advisories/24758 Third Party Advisory
http://secunia.com/advisories/24765 Third Party Advisory
http://secunia.com/advisories/24771 Third Party Advisory
http://secunia.com/advisories/24772 Third Party Advisory
http://secunia.com/advisories/24791 Third Party Advisory
http://secunia.com/advisories/25004 Third Party Advisory
http://secunia.com/advisories/25006 Third Party Advisory
http://secunia.com/advisories/25195 Third Party Advisory
http://secunia.com/advisories/25216 Third Party Advisory
http://secunia.com/advisories/25305 Third Party Advisory
http://secunia.com/advisories/33937 Third Party Advisory
http://support.apple.com/kb/HT3438 X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm X_refsource_confirm
http://www.securityfocus.com/archive/1/464686/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/464816/100/0/threaded Mailing List
http://www.securityfocus.com/bid/23283 Vdb Entry
http://www.securityfocus.com/bid/23300 Vdb Entry
http://www.securitytracker.com/id?1017857 Vdb Entry
http://www.vupen.com/english/advisories/2007/1217 Vdb Entry
http://www.vupen.com/english/advisories/2007/1548 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/33419 Vdb Entry
https://issues.rpath.com/browse/RPL-1213 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10523 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13243 Signature
URL Date SRC
URL Date SRC
http://secunia.com/advisories/24756 2018-10-16
http://secunia.com/advisories/24770 2018-10-16
URL Date SRC
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html 2018-10-16
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html 2018-10-16
http://rhn.redhat.com/errata/RHSA-2007-0125.html 2018-10-16
http://secunia.com/advisories/24741 2018-10-16
http://security.gentoo.org/glsa/glsa-200705-10.xml 2018-10-16
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1 2018-10-16
http://www.debian.org/security/2007/dsa-1294 2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079 2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:080 2018-10-16
http://www.novell.com/linux/security/advisories/2007_27_x.html 2018-10-16
http://www.openbsd.org/errata39.html#021_xorg 2018-10-16
http://www.openbsd.org/errata40.html#011_xorg 2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0126.html 2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0132.html 2018-10-16
http://www.ubuntu.com/usn/usn-448-1 2018-10-16
https://access.redhat.com/security/cve/CVE-2007-1352 2007-04-03
https://bugzilla.redhat.com/show_bug.cgi?id=235265 2007-04-03
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Multi Network Firewall
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall"
 2.0
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall" and version "2.0"
-
Affected
in Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Linux
Search vendor "Mandrakesoft" for product "Mandrake Linux"
 9.1
Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "9.1"
-
Safe
Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Multi Network Firewall
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall"
 2.0
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall" and version "2.0"
-
Affected
in Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Linux
Search vendor "Mandrakesoft" for product "Mandrake Linux"
 9.1
Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "9.1"
ppc
Safe
Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Multi Network Firewall
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall"
 2.0
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall" and version "2.0"
-
Affected
in Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Linux
Search vendor "Mandrakesoft" for product "Mandrake Linux"
 9.2
Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "9.2"
-
Safe
Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Multi Network Firewall
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall"
 2.0
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall" and version "2.0"
-
Affected
in Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Linux
Search vendor "Mandrakesoft" for product "Mandrake Linux"
 9.2
Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "9.2"
amd64
Safe
Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Multi Network Firewall
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall"
 2.0
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall" and version "2.0"
-
Affected
in Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Linux
Search vendor "Mandrakesoft" for product "Mandrake Linux"
 10.0
Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "10.0"
-
Safe
Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Multi Network Firewall
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall"
 2.0
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall" and version "2.0"
-
Affected
in Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Linux
Search vendor "Mandrakesoft" for product "Mandrake Linux"
 10.0
Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "10.0"
amd64
Safe
Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Multi Network Firewall
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall"
 2.0
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall" and version "2.0"
-
Affected
in Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Linux
Search vendor "Mandrakesoft" for product "Mandrake Linux"
 2007
Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "2007"
-
Safe
Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Multi Network Firewall
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall"
 2.0
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall" and version "2.0"
-
Affected
in Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Linux
Search vendor "Mandrakesoft" for product "Mandrake Linux"
 2007
Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "2007"
x86_64
Safe
Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Multi Network Firewall
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall"
 2.0
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall" and version "2.0"
-
Affected
in Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Linux Corporate Server
Search vendor "Mandrakesoft" for product "Mandrake Linux Corporate Server"
 3.0
Search vendor "Mandrakesoft" for product "Mandrake Linux Corporate Server" and version "3.0"
-
Safe
Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Multi Network Firewall
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall"
 2.0
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall" and version "2.0"
-
Affected
in Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Linux Corporate Server
Search vendor "Mandrakesoft" for product "Mandrake Linux Corporate Server"
 3.0
Search vendor "Mandrakesoft" for product "Mandrake Linux Corporate Server" and version "3.0"
x86_64
Safe
Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Multi Network Firewall
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall"
 2.0
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall" and version "2.0"
-
Affected
in Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Linux Corporate Server
Search vendor "Mandrakesoft" for product "Mandrake Linux Corporate Server"
 4.0
Search vendor "Mandrakesoft" for product "Mandrake Linux Corporate Server" and version "4.0"
-
Safe
Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Multi Network Firewall
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall"
 2.0
Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall" and version "2.0"
-
Affected
in Mandrakesoft
Search vendor "Mandrakesoft"
 Mandrake Linux Corporate Server
Search vendor "Mandrakesoft" for product "Mandrake Linux Corporate Server"
 4.0
Search vendor "Mandrakesoft" for product "Mandrake Linux Corporate Server" and version "4.0"
x86_64
Safe
X.org
Search vendor "X.org"
 Libxfont
Search vendor "X.org" for product "Libxfont"
 1.2.2
Search vendor "X.org" for product "Libxfont" and version "1.2.2"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 2.1
Search vendor "Redhat" for product "Enterprise Linux" and version "2.1"
advanced_server
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 2.1
Search vendor "Redhat" for product "Enterprise Linux" and version "2.1"
advanced_server_ia64
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 2.1
Search vendor "Redhat" for product "Enterprise Linux" and version "2.1"
enterprise_server
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 2.1
Search vendor "Redhat" for product "Enterprise Linux" and version "2.1"
enterprise_server_ia64
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 2.1
Search vendor "Redhat" for product "Enterprise Linux" and version "2.1"
workstation
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 2.1
Search vendor "Redhat" for product "Enterprise Linux" and version "2.1"
workstation_ia64
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 3.0
Search vendor "Redhat" for product "Enterprise Linux" and version "3.0"
advanced_server
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 3.0
Search vendor "Redhat" for product "Enterprise Linux" and version "3.0"
enterprise_server
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 3.0
Search vendor "Redhat" for product "Enterprise Linux" and version "3.0"
workstation_server
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 4.0
Search vendor "Redhat" for product "Enterprise Linux" and version "4.0"
advanced_server
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 4.0
Search vendor "Redhat" for product "Enterprise Linux" and version "4.0"
enterprise_server
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 4.0
Search vendor "Redhat" for product "Enterprise Linux" and version "4.0"
workstation
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
 3.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "3.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
 4.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "4.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
 5.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0"
client
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
 5.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0"
client_workstation
Affected
Redhat
Search vendor "Redhat"
 Fedora Core
Search vendor "Redhat" for product "Fedora Core"
 core_1.0
Search vendor "Redhat" for product "Fedora Core" and version "core_1.0"
-
Affected
Redhat
Search vendor "Redhat"
 Linux
Search vendor "Redhat" for product "Linux"
 9.0
Search vendor "Redhat" for product "Linux" and version "9.0"
i386
Affected
Redhat
Search vendor "Redhat"
 Linux Advanced Workstation
Search vendor "Redhat" for product "Linux Advanced Workstation"
 2.1
Search vendor "Redhat" for product "Linux Advanced Workstation" and version "2.1"
ia64
Affected
Redhat
Search vendor "Redhat"
 Linux Advanced Workstation
Search vendor "Redhat" for product "Linux Advanced Workstation"
 2.1
Search vendor "Redhat" for product "Linux Advanced Workstation" and version "2.1"
itanium
Affected
Slackware
Search vendor "Slackware"
 Slackware Linux
Search vendor "Slackware" for product "Slackware Linux"
 9.0
Search vendor "Slackware" for product "Slackware Linux" and version "9.0"
-
Affected
Slackware
Search vendor "Slackware"
 Slackware Linux
Search vendor "Slackware" for product "Slackware Linux"
 9.1
Search vendor "Slackware" for product "Slackware Linux" and version "9.1"
-
Affected
Slackware
Search vendor "Slackware"
 Slackware Linux
Search vendor "Slackware" for product "Slackware Linux"
 current
Search vendor "Slackware" for product "Slackware Linux" and version "current"
-
Affected
Turbolinux
Search vendor "Turbolinux"
 Turbolinux Desktop
Search vendor "Turbolinux" for product "Turbolinux Desktop"
 10.0
Search vendor "Turbolinux" for product "Turbolinux Desktop" and version "10.0"
-
Affected
Ubuntu
Search vendor "Ubuntu"
 Ubuntu Linux
Search vendor "Ubuntu" for product "Ubuntu Linux"
 4.1
Search vendor "Ubuntu" for product "Ubuntu Linux" and version "4.1"
ia32
Affected
Ubuntu
Search vendor "Ubuntu"
 Ubuntu Linux
Search vendor "Ubuntu" for product "Ubuntu Linux"
 4.1
Search vendor "Ubuntu" for product "Ubuntu Linux" and version "4.1"
ia64
Affected
Ubuntu
Search vendor "Ubuntu"
 Ubuntu Linux
Search vendor "Ubuntu" for product "Ubuntu Linux"
 4.1
Search vendor "Ubuntu" for product "Ubuntu Linux" and version "4.1"
ppc
Affected
Ubuntu
Search vendor "Ubuntu"
 Ubuntu Linux
Search vendor "Ubuntu" for product "Ubuntu Linux"
 5.10
Search vendor "Ubuntu" for product "Ubuntu Linux" and version "5.10"
amd64
Affected
Ubuntu
Search vendor "Ubuntu"
 Ubuntu Linux
Search vendor "Ubuntu" for product "Ubuntu Linux"
 5.10
Search vendor "Ubuntu" for product "Ubuntu Linux" and version "5.10"
i386
Affected
Ubuntu
Search vendor "Ubuntu"
 Ubuntu Linux
Search vendor "Ubuntu" for product "Ubuntu Linux"
 5.10
Search vendor "Ubuntu" for product "Ubuntu Linux" and version "5.10"
powerpc
Affected
Ubuntu
Search vendor "Ubuntu"
 Ubuntu Linux
Search vendor "Ubuntu" for product "Ubuntu Linux"
 5.10
Search vendor "Ubuntu" for product "Ubuntu Linux" and version "5.10"
sparc
Affected
Ubuntu
Search vendor "Ubuntu"
 Ubuntu Linux
Search vendor "Ubuntu" for product "Ubuntu Linux"
 6.06_lts
Search vendor "Ubuntu" for product "Ubuntu Linux" and version "6.06_lts"
amd64
Affected
Ubuntu
Search vendor "Ubuntu"
 Ubuntu Linux
Search vendor "Ubuntu" for product "Ubuntu Linux"
 6.06_lts
Search vendor "Ubuntu" for product "Ubuntu Linux" and version "6.06_lts"
i386
Affected
Ubuntu
Search vendor "Ubuntu"
 Ubuntu Linux
Search vendor "Ubuntu" for product "Ubuntu Linux"
 6.06_lts
Search vendor "Ubuntu" for product "Ubuntu Linux" and version "6.06_lts"
powerpc
Affected
Ubuntu
Search vendor "Ubuntu"
 Ubuntu Linux
Search vendor "Ubuntu" for product "Ubuntu Linux"
 6.06_lts
Search vendor "Ubuntu" for product "Ubuntu Linux" and version "6.06_lts"
sparc
Affected
Ubuntu
Search vendor "Ubuntu"
 Ubuntu Linux
Search vendor "Ubuntu" for product "Ubuntu Linux"
 6.10
Search vendor "Ubuntu" for product "Ubuntu Linux" and version "6.10"
amd64
Affected
Ubuntu
Search vendor "Ubuntu"
 Ubuntu Linux
Search vendor "Ubuntu" for product "Ubuntu Linux"
 6.10
Search vendor "Ubuntu" for product "Ubuntu Linux" and version "6.10"
i386
Affected
Ubuntu
Search vendor "Ubuntu"
 Ubuntu Linux
Search vendor "Ubuntu" for product "Ubuntu Linux"
 6.10
Search vendor "Ubuntu" for product "Ubuntu Linux" and version "6.10"
powerpc
Affected
Ubuntu
Search vendor "Ubuntu"
 Ubuntu Linux
Search vendor "Ubuntu" for product "Ubuntu Linux"
 6.10
Search vendor "Ubuntu" for product "Ubuntu Linux" and version "6.10"
sparc
Affected
Rpath
Search vendor "Rpath"
 Linux
Search vendor "Rpath" for product "Linux"
 1
Search vendor "Rpath" for product "Linux" and version "1"
-
Affected
Openbsd
Search vendor "Openbsd"
 Openbsd
Search vendor "Openbsd" for product "Openbsd"
 3.9
Search vendor "Openbsd" for product "Openbsd" and version "3.9"
-
Affected
Openbsd
Search vendor "Openbsd"
 Openbsd
Search vendor "Openbsd" for product "Openbsd"
 4.0
Search vendor "Openbsd" for product "Openbsd" and version "4.0"
-
Affected