CVE-2007-1351

EPSS 7.8%

freetype - arbitrary code execution

Published: 4/6/2007Modified: 4/28/2026

Description

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

Affected packages (3)

Debian/freetypefrom 0, < 2.3.5-1
Debian/freetypefrom 0, < 2.2.1-5+etch2
Debian/libxfontfrom 0, < 1:1.2.2-2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-1351