CVE-2007-1351
freetype - arbitrary code execution
EPSS 7.8%
Description
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
How to fix CVE-2007-1351
To remediate CVE-2007-1351, upgrade the affected package to one of the fixed versions listed below.
- Debian/freetype—upgrade to 2.3.5-1 or later
- Debian/freetype—upgrade to 2.2.1-5+etch2 or later
- Debian/libxfont—upgrade to 1:1.2.2-2 or later
Is CVE-2007-1351 being exploited?
Moderate — EPSS is 7.8%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- Debian/freetype: from 0, < 2.3.5-1
- Debian/freetype: from 0, < 2.2.1-5+etch2
- Debian/libxfont: from 0, < 1:1.2.2-2