Description
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
CVSS Metrics
- Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
- Access Vector: network
- Access Complexity: medium
- Authentication: single
- Confidentiality: complete
- Integrity: complete
- Availability: complete
- Weaknesses: CWE-189
Metadata
- Primary Vendor: UBUNTU
- Published: 4/6/2007
- Last Modified: 4/9/2025
- Source: NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
- ubuntu : ubuntu_linux
- x.org : libxfont
- xfree86_project : x11r6
- rpath : rpath_linux
- redhat : enterprise_linux
- redhat : enterprise_linux_desktop
- redhat : linux_advanced_workstation
- openbsd : openbsd
- mandrakesoft : mandrake_multi_network_firewall