CVE-2007-1351 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2007-1351 Interim 1 19 2025-11-05T06:22:24Z current 2021-05-30T12:38:12Z 2025-11-05T06:22:24Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2007-1351 Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2HC2X7QHBT2WBBPLJKZM6OSSGDL3ZJ2L/#2HC2X7QHBT2WBBPLJKZM6OSSGDL3ZJ2L E-Mail link for SUSE-SA:2007:027 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZZVI4H7GYQ2UAAMMZBYAXO2BAF4JSWU2/#ZZVI4H7GYQ2UAAMMZBYAXO2BAF4JSWU2 E-Mail link for SUSE-SR:2007:006 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Micro 6.0 SUSE Linux Micro 6.1 openSUSE Tumbleweed firefox-freetype2 freetype2-2.3.7-25.10.1 freetype2-2.3.7-25.28.1 freetype2-2.3.7-25.32.1 freetype2-2.3.7-25.35.36.1 freetype2-32bit-2.3.7-25.10.1 freetype2-32bit-2.3.7-25.28.1 freetype2-32bit-2.3.7-25.32.1 freetype2-32bit-2.3.7-25.35.36.1 freetype2-devel-2.11.0-1.2 freetype2-devel-2.13.3-160000.2.2 freetype2-devel-2.3.7-25.35.36.1 freetype2-devel-32bit-2.11.0-1.2 freetype2-devel-32bit-2.3.7-25.35.36.1 freetype2-profile-tti35-2.11.0-1.2 freetype2-profile-tti35-2.13.3-160000.2.2 freetype2-x86-2.3.7-25.10.1 freetype2-x86-2.3.7-25.28.1 freetype2-x86-2.3.7-25.32.1 freetype2-x86-2.3.7-25.35.36.1 ft2demos-2.3.7-25.32.1 ft2demos-2.3.7-25.35.36.1 ft2demos-2.3.7-25.9 ftbench-2.13.3-160000.2.2 ftdiff-2.13.3-160000.2.2 ftdump-2.13.3-160000.2.2 ftgamma-2.13.3-160000.2.2 ftgrid-2.13.3-160000.2.2 ftlint-2.13.3-160000.2.2 ftmulti-2.13.3-160000.2.2 ftsdf-2.13.3-160000.2.2 ftstring-2.13.3-160000.2.2 ftvalid-2.13.3-160000.2.2 ftview-2.13.3-160000.2.2 libfreetype6-2.11.0-1.2 libfreetype6-2.13.2-1.6 libfreetype6-2.13.2-slfo.1.1_1.2 libfreetype6-2.13.3-160000.2.2 libfreetype6-32bit-2.11.0-1.2 freetype2-2.3.7-25.10.1 as a component of SUSE Linux Enterprise Server 11 SP1 freetype2-32bit-2.3.7-25.10.1 as a component of SUSE Linux Enterprise Server 11 SP1 freetype2-x86-2.3.7-25.10.1 as a component of SUSE Linux Enterprise Server 11 SP1 ft2demos-2.3.7-25.9 as a component of SUSE Linux Enterprise Server 11 SP1 freetype2-2.3.7-25.28.1 as a component of SUSE Linux Enterprise Server 11 SP2 freetype2-32bit-2.3.7-25.28.1 as a component of SUSE Linux Enterprise Server 11 SP2 freetype2-x86-2.3.7-25.28.1 as a component of SUSE Linux Enterprise Server 11 SP2 ft2demos-2.3.7-25.9 as a component of SUSE Linux Enterprise Server 11 SP2 freetype2-2.3.7-25.32.1 as a component of SUSE Linux Enterprise Server 11 SP3 freetype2-32bit-2.3.7-25.32.1 as a component of SUSE Linux Enterprise Server 11 SP3 freetype2-x86-2.3.7-25.32.1 as a component of SUSE Linux Enterprise Server 11 SP3 ft2demos-2.3.7-25.32.1 as a component of SUSE Linux Enterprise Server 11 SP3 freetype2-2.3.7-25.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP4 freetype2-32bit-2.3.7-25.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP4 freetype2-x86-2.3.7-25.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP4 ft2demos-2.3.7-25.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP4 freetype2-devel-2.13.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 freetype2-profile-tti35-2.13.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 ftbench-2.13.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 ftdiff-2.13.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 ftdump-2.13.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 ftgamma-2.13.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 ftgrid-2.13.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 ftlint-2.13.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 ftmulti-2.13.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 ftsdf-2.13.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 ftstring-2.13.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 ftvalid-2.13.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 ftview-2.13.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 libfreetype6-2.13.3-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 freetype2-devel-2.3.7-25.35.36.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 freetype2-devel-32bit-2.3.7-25.35.36.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libfreetype6-2.13.2-1.6 as a component of SUSE Linux Micro 6.0 libfreetype6-2.13.2-slfo.1.1_1.2 as a component of SUSE Linux Micro 6.1 freetype2-devel-2.11.0-1.2 as a component of openSUSE Tumbleweed freetype2-devel-32bit-2.11.0-1.2 as a component of openSUSE Tumbleweed freetype2-profile-tti35-2.11.0-1.2 as a component of openSUSE Tumbleweed libfreetype6-2.11.0-1.2 as a component of openSUSE Tumbleweed libfreetype6-32bit-2.11.0-1.2 as a component of openSUSE Tumbleweed firefox-freetype2 as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata firefox-freetype2 as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata firefox-freetype2 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. CVE-2007-1351 SUSE Linux Enterprise Server 11 SP1:freetype2-2.3.7-25.10.1 SUSE Linux Enterprise Server 11 SP1:freetype2-32bit-2.3.7-25.10.1 SUSE Linux Enterprise Server 11 SP1:freetype2-x86-2.3.7-25.10.1 SUSE Linux Enterprise Server 11 SP1:ft2demos-2.3.7-25.9 SUSE Linux Enterprise Server 11 SP2:freetype2-2.3.7-25.28.1 SUSE Linux Enterprise Server 11 SP2:freetype2-32bit-2.3.7-25.28.1 SUSE Linux Enterprise Server 11 SP2:freetype2-x86-2.3.7-25.28.1 SUSE Linux Enterprise Server 11 SP2:ft2demos-2.3.7-25.9 SUSE Linux Enterprise Server 11 SP3:freetype2-2.3.7-25.32.1 SUSE Linux Enterprise Server 11 SP3:freetype2-32bit-2.3.7-25.32.1 SUSE Linux Enterprise Server 11 SP3:freetype2-x86-2.3.7-25.32.1 SUSE Linux Enterprise Server 11 SP3:ft2demos-2.3.7-25.32.1 SUSE Linux Enterprise Server 11 SP4:freetype2-2.3.7-25.35.36.1 SUSE Linux Enterprise Server 11 SP4:freetype2-32bit-2.3.7-25.35.36.1 SUSE Linux Enterprise Server 11 SP4:freetype2-x86-2.3.7-25.35.36.1 SUSE Linux Enterprise Server 11 SP4:ft2demos-2.3.7-25.35.36.1 SUSE Linux Enterprise Server 16.0:freetype2-devel-2.13.3-160000.2.2 SUSE Linux Enterprise Server 16.0:freetype2-profile-tti35-2.13.3-160000.2.2 SUSE Linux Enterprise Server 16.0:ftbench-2.13.3-160000.2.2 SUSE Linux Enterprise Server 16.0:ftdiff-2.13.3-160000.2.2 SUSE Linux Enterprise Server 16.0:ftdump-2.13.3-160000.2.2 SUSE Linux Enterprise Server 16.0:ftgamma-2.13.3-160000.2.2 SUSE Linux Enterprise Server 16.0:ftgrid-2.13.3-160000.2.2 SUSE Linux Enterprise Server 16.0:ftlint-2.13.3-160000.2.2 SUSE Linux Enterprise Server 16.0:ftmulti-2.13.3-160000.2.2 SUSE Linux Enterprise Server 16.0:ftsdf-2.13.3-160000.2.2 SUSE Linux Enterprise Server 16.0:ftstring-2.13.3-160000.2.2 SUSE Linux Enterprise Server 16.0:ftvalid-2.13.3-160000.2.2 SUSE Linux Enterprise Server 16.0:ftview-2.13.3-160000.2.2 SUSE Linux Enterprise Server 16.0:libfreetype6-2.13.3-160000.2.2 SUSE Linux Enterprise Software Development Kit 11 SP4:freetype2-devel-2.3.7-25.35.36.1 SUSE Linux Enterprise Software Development Kit 11 SP4:freetype2-devel-32bit-2.3.7-25.35.36.1 SUSE Linux Micro 6.0:libfreetype6-2.13.2-1.6 SUSE Linux Micro 6.1:libfreetype6-2.13.2-slfo.1.1_1.2 openSUSE Tumbleweed:freetype2-devel-2.11.0-1.2 openSUSE Tumbleweed:freetype2-devel-32bit-2.11.0-1.2 openSUSE Tumbleweed:freetype2-profile-tti35-2.11.0-1.2 openSUSE Tumbleweed:libfreetype6-2.11.0-1.2 openSUSE Tumbleweed:libfreetype6-32bit-2.11.0-1.2 important 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C