Vulnerabilities related to x - libxfont
Vulnerability from fkie_nvd
Published
2014-05-15 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.
References
secalert@redhat.com | http://advisories.mageia.org/MGASA-2014-0278.html
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html
secalert@redhat.com | http://lists.x.org/archives/xorg-announce/2014-May/002431.html | Vendor Advisory
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2014-1893.html
secalert@redhat.com | http://seclists.org/fulldisclosure/2014/Dec/23
secalert@redhat.com | http://secunia.com/advisories/59154
secalert@redhat.com | http://www.debian.org/security/2014/dsa-2927
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
secalert@redhat.com | http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
secalert@redhat.com | http://www.securityfocus.com/archive/1/534161/100/0/threaded
secalert@redhat.com | http://www.securityfocus.com/bid/67382
secalert@redhat.com | http://www.ubuntu.com/usn/USN-2211-1
secalert@redhat.com | http://www.vmware.com/security/advisories/VMSA-2014-0012.html
af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2014-0278.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.x.org/archives/xorg-announce/2014-May/002431.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2014-1893.html
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2014/Dec/23
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59154
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2014/dsa-2927
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/534161/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/67382
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2211-1
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2014-0012.html
Impacted products
Vendor Product Version
x libxfont * (up to and including 1.4.7)
x libxfont 1.2.3
x libxfont 1.2.4
x libxfont 1.2.5
x libxfont 1.2.6
x libxfont 1.2.7
x libxfont 1.2.8
x libxfont 1.2.9
x libxfont 1.3.0
x libxfont 1.3.1
x libxfont 1.3.2
x libxfont 1.3.3
x libxfont 1.3.4
x libxfont 1.4.0
x libxfont 1.4.1
x libxfont 1.4.2
x libxfont 1.4.3
x libxfont 1.4.4
x libxfont 1.4.5
x libxfont 1.4.6
x libxfont 1.4.99
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 12.10
canonical ubuntu_linux 13.10
canonical ubuntu_linux 14.04



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x:libxfont:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "60D58307-30CB-4A71-99EA-8C42329AFFA7",
              "versionEndIncluding": "1.4.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1437F3D-127E-45E7-B678-85BF208BAD30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26743145-32B4-45A6-8912-2B97EF59B677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C18E74E-DB01-4D5F-BD18-DE370BA56A38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "06DBC61A-10CD-41ED-AC1B-16C867823059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "061E16E4-0DD2-45B0-927D-5E6D97D54D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "58F3B17A-D8A9-4581-8EAC-4D6498A23F4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D064C118-DC51-46CF-961E-3D70C1EEFC92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9F45C46-F416-46FC-8C98-79D57BB397D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B21FE78A-41E1-46A7-8129-94CBA34A3FA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ADFF46D-9680-410C-B8B8-79F629534465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D36FBB2E-7BCD-4212-AE04-8C7C6B57CD49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A603E28-7D58-44FB-819E-5F22FA9860EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D9EE6A0-89DC-464D-890F-2C0E5CDCFAA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B056FDAB-4B10-4B32-A942-84864D39CBD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "642C350E-C81B-46F7-84B4-D3DE45E70DC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5FC93A4-0138-4293-9C02-504469223399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "53524431-385B-4FF5-8C5E-4B708099096D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "375B1A11-E0B4-424D-926B-AF3AED0A7D0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8470304F-5C5A-4260-BEAB-E7F6F81015BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EB8EE57-7DE8-4D1D-A227-F9B6510E1E09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de buffer en X.Org libXfont anterior a 1.4.8 y 1.4.9x anterior a 1.4.99.901 permiten a servidores remotos de fuentes ejecutar c\u00f3digo arbitrario a trav\u00e9s de una respuesta de protocolo xfs manipulada hacia la funci\u00f3n (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list o (7) fs_read_list_info."
    }
  ],
  "id": "CVE-2014-0210",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-15T14:55:07.323",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2014-0278.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.x.org/archives/xorg-announce/2014-May/002431.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1893.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59154"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-2927"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/67382"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2211-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0278.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.x.org/archives/xorg-announce/2014-May/002431.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1893.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2927"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/67382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2211-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-03-20 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.
References
secalert@redhat.com | http://advisories.mageia.org/MGASA-2015-0113.html
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2015-1708.html
secalert@redhat.com | http://www.debian.org/security/2015/dsa-3194
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
secalert@redhat.com | http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
secalert@redhat.com | http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
secalert@redhat.com | http://www.securityfocus.com/bid/73280
secalert@redhat.com | http://www.securitytracker.com/id/1031935
secalert@redhat.com | http://www.ubuntu.com/usn/USN-2536-1
secalert@redhat.com | http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/ | Vendor Advisory
secalert@redhat.com | https://security.gentoo.org/glsa/201507-21
af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2015-0113.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2015-1708.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2015/dsa-3194
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/73280
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1031935
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2536-1
af854a3a-2127-422b-91ae-364da2661108 | http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/ | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201507-21
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x:libxfont:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4E91328-0838-49CB-97BE-431214EB950F",
              "versionEndIncluding": "1.4.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "42C76E2D-A549-473E-B2AC-046782B8B02A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n bdfReadCharacters en bitmap/bdfread.c en X.Org libXfont anterior a 1.4.9 y 1.5.x anterior a 1.5.1 no maneja adecuadamente caracteres bitmaps que no se pueden leer, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (referencia a puntero NULO y ca\u00edda) y la posibilidad de ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de fuente BDF."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/476.html\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e",
  "id": "CVE-2015-1803",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-03-20T14:59:02.403",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2015-0113.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1708.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3194"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/73280"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1031935"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2536-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/201507-21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2015-0113.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1708.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73280"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2536-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201507-21"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-12-01 17:29
Modified
2025-04-20 01:37
Summary
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
References
cve@mitre.org | http://security.cucumberlinux.com/security/details.php?id=155 | Third Party Advisory
cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/11/28/7 | Mailing List, Patch, Third Party Advisory
cve@mitre.org | http://www.ubuntu.com/usn/USN-3500-1 | Third Party Advisory
cve@mitre.org | https://bugzilla.suse.com/show_bug.cgi?id=1050459 | Issue Tracking, Tool Signature, VDB Entry
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/01/msg00028.html | Issue Tracking, Mailing List, Third Party Advisory
cve@mitre.org | https://marc.info/?l=freedesktop-xorg-announce&m=151188044218304&w=2 | Patch, Third Party Advisory
cve@mitre.org | https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2 | Patch, Third Party Advisory
cve@mitre.org | https://security.gentoo.org/glsa/201801-10 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://security.cucumberlinux.com/security/details.php?id=155 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/11/28/7 | Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-3500-1 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1050459 | Issue Tracking, Tool Signature, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/01/msg00028.html | Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://marc.info/?l=freedesktop-xorg-announce&m=151188044218304&w=2 | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2 | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201801-10 | Third Party Advisory
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "588D4F37-0A56-47A4-B710-4D5F3D214FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x:libxfont:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EF948B6-54AC-420B-8AB1-FE7457BFDA71",
              "versionEndExcluding": "1.5.4",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C5EEDFA-B5A6-488D-9C54-DC21842C861D",
              "versionEndExcluding": "2.0.3",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files."
    },
    {
      "lang": "es",
      "value": "En libXfont en versiones anteriores a la 1.5.4 y libXfont2 en versiones anteriores a la 2.0.3, un atacante local puede abrir (pero no leer) archivos en el sistema como root, desencadenando rebobinados de cinta, watchdogs o mecanismos similares que se pueden desencadenar abriendo archivos."
    }
  ],
  "id": "CVE-2017-16611",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-01T17:29:00.463",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.cucumberlinux.com/security/details.php?id=155"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/11/28/7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-3500-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Tool Signature",
        "VDB Entry"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1050459"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00028.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://marc.info/?l=freedesktop-xorg-announce\u0026m=151188044218304\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://marc.info/?l=freedesktop-xorg-announce\u0026m=151188049718337\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201801-10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.cucumberlinux.com/security/details.php?id=155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/11/28/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-3500-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Tool Signature",
        "VDB Entry"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1050459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://marc.info/?l=freedesktop-xorg-announce\u0026m=151188044218304\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://marc.info/?l=freedesktop-xorg-announce\u0026m=151188049718337\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201801-10"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-18 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact.
Impacted products
Vendor Product Version
x libxfont 1.3.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B21FE78A-41E1-46A7-8129-94CBA34A3FA5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento off by one en catalogue.c en X.Org libXfont 1.3.1 permite que atacantes remotos provoquen un impacto sin especificar."
    }
  ],
  "id": "CVE-2007-5199",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-18T20:29:00.193",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=327854"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=5bf703700ee4a5d6eae20da07cb7a29369667aef"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=327854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=5bf703700ee4a5d6eae20da07cb7a29369667aef"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-15 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
References
secalert@redhat.com http://advisories.mageia.org/MGASA-2014-0278.html
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html
secalert@redhat.com http://lists.x.org/archives/xorg-announce/2014-May/002431.html [Vendor Advisory]
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2014-1893.html
secalert@redhat.com http://seclists.org/fulldisclosure/2014/Dec/23
secalert@redhat.com http://secunia.com/advisories/59154
secalert@redhat.com http://www.debian.org/security/2014/dsa-2927
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
secalert@redhat.com http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
secalert@redhat.com http://www.securityfocus.com/archive/1/534161/100/0/threaded
secalert@redhat.com http://www.securityfocus.com/bid/67382
secalert@redhat.com http://www.ubuntu.com/usn/USN-2211-1
secalert@redhat.com http://www.vmware.com/security/advisories/VMSA-2014-0012.html
af854a3a-2127-422b-91ae-364da2661108 http://advisories.mageia.org/MGASA-2014-0278.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.x.org/archives/xorg-announce/2014-May/002431.html [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2014-1893.html
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2014/Dec/23
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/59154
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2014/dsa-2927
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
af854a3a-2127-422b-91ae-364da2661108 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/534161/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/67382
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-2211-1
af854a3a-2127-422b-91ae-364da2661108 http://www.vmware.com/security/advisories/VMSA-2014-0012.html
Impacted products
Vendor Product Version
x libxfont *
x libxfont 1.2.3
x libxfont 1.2.4
x libxfont 1.2.5
x libxfont 1.2.6
x libxfont 1.2.7
x libxfont 1.2.8
x libxfont 1.2.9
x libxfont 1.3.0
x libxfont 1.3.1
x libxfont 1.3.2
x libxfont 1.3.3
x libxfont 1.3.4
x libxfont 1.4.0
x libxfont 1.4.1
x libxfont 1.4.2
x libxfont 1.4.3
x libxfont 1.4.4
x libxfont 1.4.5
x libxfont 1.4.6
x libxfont 1.4.99
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 12.10
canonical ubuntu_linux 13.10
canonical ubuntu_linux 14.04



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x:libxfont:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "60D58307-30CB-4A71-99EA-8C42329AFFA7",
              "versionEndIncluding": "1.4.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1437F3D-127E-45E7-B678-85BF208BAD30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26743145-32B4-45A6-8912-2B97EF59B677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C18E74E-DB01-4D5F-BD18-DE370BA56A38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "06DBC61A-10CD-41ED-AC1B-16C867823059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "061E16E4-0DD2-45B0-927D-5E6D97D54D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "58F3B17A-D8A9-4581-8EAC-4D6498A23F4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D064C118-DC51-46CF-961E-3D70C1EEFC92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9F45C46-F416-46FC-8C98-79D57BB397D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B21FE78A-41E1-46A7-8129-94CBA34A3FA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ADFF46D-9680-410C-B8B8-79F629534465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D36FBB2E-7BCD-4212-AE04-8C7C6B57CD49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A603E28-7D58-44FB-819E-5F22FA9860EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D9EE6A0-89DC-464D-890F-2C0E5CDCFAA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B056FDAB-4B10-4B32-A942-84864D39CBD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "642C350E-C81B-46F7-84B4-D3DE45E70DC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5FC93A4-0138-4293-9C02-504469223399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "53524431-385B-4FF5-8C5E-4B708099096D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "375B1A11-E0B4-424D-926B-AF3AED0A7D0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8470304F-5C5A-4260-BEAB-E7F6F81015BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EB8EE57-7DE8-4D1D-A227-F9B6510E1E09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de enteros en las funciones (1) FontFileAddEntry y (2) lexAlias en X.Org libXfont anterior a 1.4.8 y 1.4.9x anterior a 1.4.99.901 podr\u00edan permitir a usuarios locales ganar privilegios mediante la adici\u00f3n de un directorio con un archivo fonts.dir o fonts.alias largo a la ruta de la fuente, lo que provoca un desbordamiento de buffer basado en memoria din\u00e1mica, relacionado con metadatos."
    }
  ],
  "id": "CVE-2014-0209",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-15T14:55:07.247",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2014-0278.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.x.org/archives/xorg-announce/2014-May/002431.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1893.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59154"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-2927"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/67382"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2211-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0278.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.x.org/archives/xorg-announce/2014-May/002431.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1893.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2927"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/67382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2211-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-03-20 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.
References
secalert@redhat.com http://advisories.mageia.org/MGASA-2015-0113.html
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2015-12/msg00074.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2015-1708.html
secalert@redhat.com http://www.debian.org/security/2015/dsa-3194
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
secalert@redhat.com http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
secalert@redhat.com http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
secalert@redhat.com http://www.securityfocus.com/bid/73279
secalert@redhat.com http://www.securitytracker.com/id/1031935
secalert@redhat.com http://www.ubuntu.com/usn/USN-2536-1
secalert@redhat.com http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/ [Vendor Advisory]
secalert@redhat.com https://security.gentoo.org/glsa/201507-21
af854a3a-2127-422b-91ae-364da2661108 http://advisories.mageia.org/MGASA-2015-0113.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2015-12/msg00074.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2015-1708.html
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2015/dsa-3194
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
af854a3a-2127-422b-91ae-364da2661108 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
af854a3a-2127-422b-91ae-364da2661108 http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/73279
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1031935
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-2536-1
af854a3a-2127-422b-91ae-364da2661108 http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/ [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/201507-21
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x:libxfont:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4E91328-0838-49CB-97BE-431214EB950F",
              "versionEndIncluding": "1.4.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "42C76E2D-A549-473E-B2AC-046782B8B02A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n bdfReadCharacters en bitmap/bdfread.c en X.Org libXfont anterior a 1.4.9 y 1.5.x anterior a 1.5.1 no realiza adecuadamente la conversi\u00f3n de tipos para valores m\u00e9tricos, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (acceso a memoria fuera de rango) y la posibilidad de ejecutar c\u00f3digo arbitrario a trav\u00e9s de archivos de fuente BDF."
    }
  ],
  "id": "CVE-2015-1804",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-03-20T14:59:03.403",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2015-0113.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00074.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1708.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3194"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/73279"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1031935"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2536-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/201507-21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2015-0113.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00074.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1708.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2536-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201507-21"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd: CVE-2015-1802
Published
2015-03-20 14:59
Modified
2025-04-12 10:46
Severity: HIGH (CVSS v2.0 base score 8.5, vector AV:N/AC:M/Au:S/C:C/I:C/A:C; NVD primary metric)
Summary
The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.
References
secalert@redhat.com: http://advisories.mageia.org/MGASA-2015-0113.html
secalert@redhat.com: http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html
secalert@redhat.com: http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html
secalert@redhat.com: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html
secalert@redhat.com: http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html
secalert@redhat.com: http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html
secalert@redhat.com: http://rhn.redhat.com/errata/RHSA-2015-1708.html
secalert@redhat.com: http://www.debian.org/security/2015/dsa-3194
secalert@redhat.com: http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
secalert@redhat.com: http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
secalert@redhat.com: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
secalert@redhat.com: http://www.securityfocus.com/bid/73277
secalert@redhat.com: http://www.securitytracker.com/id/1031935
secalert@redhat.com: http://www.ubuntu.com/usn/USN-2536-1
secalert@redhat.com: http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/ (Vendor Advisory)
secalert@redhat.com: https://security.gentoo.org/glsa/201507-21
af854a3a-2127-422b-91ae-364da2661108: http://advisories.mageia.org/MGASA-2015-0113.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html
af854a3a-2127-422b-91ae-364da2661108: http://rhn.redhat.com/errata/RHSA-2015-1708.html
af854a3a-2127-422b-91ae-364da2661108: http://www.debian.org/security/2015/dsa-3194
af854a3a-2127-422b-91ae-364da2661108: http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
af854a3a-2127-422b-91ae-364da2661108: http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
af854a3a-2127-422b-91ae-364da2661108: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/bid/73277
af854a3a-2127-422b-91ae-364da2661108: http://www.securitytracker.com/id/1031935
af854a3a-2127-422b-91ae-364da2661108: http://www.ubuntu.com/usn/USN-2536-1
af854a3a-2127-422b-91ae-364da2661108: http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/ (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: https://security.gentoo.org/glsa/201507-21
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x:libxfont:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4E91328-0838-49CB-97BE-431214EB950F",
              "versionEndIncluding": "1.4.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "42C76E2D-A549-473E-B2AC-046782B8B02A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n bdfReadProperties en bitmap/bdfread.c en X.Org libXfont anterior a 1.4.9 y 1.5.x anterior a 1.5.1 permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (escritura fuera de rango y ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un recuento de propiedades (1) negativo o (2) grande en un archivo de fuente BDF."
    }
  ],
  "id": "CVE-2015-1802",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-03-20T14:59:00.093",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2015-0113.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1708.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3194"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/73277"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1031935"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2536-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/201507-21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2015-0113.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1708.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73277"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2536-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201507-21"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd: CVE-2011-2895
Published
2011-08-19 17:55
Modified
2025-04-11 00:51
Severity: HIGH (CVSS v2.0 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C; NVD primary metric)
Summary
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
References
secalert@redhat.com: http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0 (Patch)
secalert@redhat.com: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc
secalert@redhat.com: http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
secalert@redhat.com: http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
secalert@redhat.com: http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html
secalert@redhat.com: http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html
secalert@redhat.com: http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html
secalert@redhat.com: http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
secalert@redhat.com: http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html (Patch)
secalert@redhat.com: http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html (Patch)
secalert@redhat.com: http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html
secalert@redhat.com: http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html
secalert@redhat.com: http://secunia.com/advisories/45544 (Vendor Advisory)
secalert@redhat.com: http://secunia.com/advisories/45568 (Vendor Advisory)
secalert@redhat.com: http://secunia.com/advisories/45599 (Vendor Advisory)
secalert@redhat.com: http://secunia.com/advisories/45986
secalert@redhat.com: http://secunia.com/advisories/46127
secalert@redhat.com: http://secunia.com/advisories/48951
secalert@redhat.com: http://securitytracker.com/id?1025920
secalert@redhat.com: http://support.apple.com/kb/HT5130
secalert@redhat.com: http://support.apple.com/kb/HT5281
secalert@redhat.com: http://www.debian.org/security/2011/dsa-2293
secalert@redhat.com: http://www.mandriva.com/security/advisories?name=MDVSA-2011:153
secalert@redhat.com: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17
secalert@redhat.com: http://www.openwall.com/lists/oss-security/2011/08/10/10
secalert@redhat.com: http://www.redhat.com/support/errata/RHSA-2011-1154.html (Vendor Advisory)
secalert@redhat.com: http://www.redhat.com/support/errata/RHSA-2011-1155.html (Vendor Advisory)
secalert@redhat.com: http://www.redhat.com/support/errata/RHSA-2011-1161.html (Vendor Advisory)
secalert@redhat.com: http://www.redhat.com/support/errata/RHSA-2011-1834.html
secalert@redhat.com: http://www.securityfocus.com/bid/49124
secalert@redhat.com: http://www.ubuntu.com/usn/USN-1191-1
secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=725760 (Patch)
secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=727624
secalert@redhat.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/69141
secalert@redhat.com: https://support.apple.com/HT205635
secalert@redhat.com: https://support.apple.com/HT205637
secalert@redhat.com: https://support.apple.com/HT205640
secalert@redhat.com: https://support.apple.com/HT205641
af854a3a-2127-422b-91ae-364da2661108: http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0 (Patch)
af854a3a-2127-422b-91ae-364da2661108: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc
af854a3a-2127-422b-91ae-364da2661108: http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html (Patch)
af854a3a-2127-422b-91ae-364da2661108: http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html (Patch)
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/45544 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/45568 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/45599 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/45986
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/46127
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/48951
af854a3a-2127-422b-91ae-364da2661108: http://securitytracker.com/id?1025920
af854a3a-2127-422b-91ae-364da2661108: http://support.apple.com/kb/HT5130
af854a3a-2127-422b-91ae-364da2661108: http://support.apple.com/kb/HT5281
af854a3a-2127-422b-91ae-364da2661108: http://www.debian.org/security/2011/dsa-2293
af854a3a-2127-422b-91ae-364da2661108: http://www.mandriva.com/security/advisories?name=MDVSA-2011:153
af854a3a-2127-422b-91ae-364da2661108: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17
af854a3a-2127-422b-91ae-364da2661108: http://www.openwall.com/lists/oss-security/2011/08/10/10
af854a3a-2127-422b-91ae-364da2661108: http://www.redhat.com/support/errata/RHSA-2011-1154.html (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://www.redhat.com/support/errata/RHSA-2011-1155.html (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://www.redhat.com/support/errata/RHSA-2011-1161.html (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://www.redhat.com/support/errata/RHSA-2011-1834.html
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/bid/49124
af854a3a-2127-422b-91ae-364da2661108: http://www.ubuntu.com/usn/USN-1191-1
af854a3a-2127-422b-91ae-364da2661108: https://bugzilla.redhat.com/show_bug.cgi?id=725760 (Patch)
af854a3a-2127-422b-91ae-364da2661108: https://bugzilla.redhat.com/show_bug.cgi?id=727624
af854a3a-2127-422b-91ae-364da2661108: https://exchange.xforce.ibmcloud.com/vulnerabilities/69141
af854a3a-2127-422b-91ae-364da2661108: https://support.apple.com/HT205635
af854a3a-2127-422b-91ae-364da2661108: https://support.apple.com/HT205637
af854a3a-2127-422b-91ae-364da2661108: https://support.apple.com/HT205640
af854a3a-2127-422b-91ae-364da2661108: https://support.apple.com/HT205641
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F73474B9-6853-4C5C-9CB9-5F4D3080D1C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "366E84EE-4BAC-4816-B04A-7B60F70B0084",
              "versionEndIncluding": "1.4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A7B86F-A74E-42D8-BBE6-D86C4EB672B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9806D538-0672-4D27-9A32-F41BB53DF738",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "29297813-F2F4-48BF-8DEA-DC83E44D154E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1437F3D-127E-45E7-B678-85BF208BAD30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26743145-32B4-45A6-8912-2B97EF59B677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C18E74E-DB01-4D5F-BD18-DE370BA56A38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "06DBC61A-10CD-41ED-AC1B-16C867823059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "061E16E4-0DD2-45B0-927D-5E6D97D54D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "58F3B17A-D8A9-4581-8EAC-4D6498A23F4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D064C118-DC51-46CF-961E-3D70C1EEFC92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9F45C46-F416-46FC-8C98-79D57BB397D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B21FE78A-41E1-46A7-8129-94CBA34A3FA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ADFF46D-9680-410C-B8B8-79F629534465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D36FBB2E-7BCD-4212-AE04-8C7C6B57CD49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A603E28-7D58-44FB-819E-5F22FA9860EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D9EE6A0-89DC-464D-890F-2C0E5CDCFAA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B056FDAB-4B10-4B32-A942-84864D39CBD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "642C350E-C81B-46F7-84B4-D3DE45E70DC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9EC02F3-3905-460D-8949-3B26394215CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B55E4B92-88E0-41F0-AFA7-046A8D34A2CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29DC69AE-D8BB-410B-B911-BFEA95774C3D",
              "versionEndIncluding": "3.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DF0D51-FCFA-46A3-B834-E80DFA91DFDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB726CF-ADA2-4CDA-9786-1E84AC53740A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FC373FC-88AC-4B6D-A289-51881ACD57F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D2DA7F0-E3C0-447A-A2B0-ECC928389D84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBE290B-5EC6-4BBA-B645-294C150E417A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACE7FDFB-C6A6-4B58-B0B4-236E4EA76EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DF053A1-C252-427E-9EEF-27240F422976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "48A9C344-45AA-47B9-B35A-1A62E220D9C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "80EB24F0-46A7-481B-83ED-8BB012AE0C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA6AEAF0-FA61-4A3F-A083-1218C2027781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60DA30A1-3360-46BC-85B7-008D535F95BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA33E7E2-DE7B-411E-8991-718DA0988C51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1957B3C0-7F25-469B-BC3F-7B09260837ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D84D7A-EB7C-4196-B8B6-7B703C8055C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896."
    },
    {
      "lang": "es",
      "value": "El descompresor LZW en (1) la funci\u00f3n BufCompressedFill en fontfile/decompress.c en X.Org libXfont antes de la versi\u00f3n v1.4.4 y (2) compress/compress.c en 4.3BSD, tal y como se utiliza en zopen.c en OpenBSD antes de la versi\u00f3n v3.8, FreeBSD, NetBSD, FreeType v2.1.9, y otros productos, no controla correctamente las palabras de c\u00f3digo ausentes de la tabla de descompresi\u00f3n, lo que permite provocar un bucle infinito o un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) a atacantes (dependiendo del contexto) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un flujo comprimido debidamente modificado. Se trata de un problema relacionado con los CVE-2006-1168 y CVE-2011-2896."
    }
  ],
  "id": "CVE-2011-2895",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-08-19T17:55:03.037",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45544"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45568"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45599"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/45986"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/46127"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48951"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1025920"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT5130"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT5281"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2293"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:153"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1154.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1155.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1161.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1834.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/49124"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1191-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725760"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=727624"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69141"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://support.apple.com/HT205635"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://support.apple.com/HT205637"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://support.apple.com/HT205640"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://support.apple.com/HT205641"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45544"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/45986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/46127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48951"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1025920"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1154.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1155.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1161.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1834.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/49124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1191-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=727624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT205635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT205637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT205640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT205641"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-01-09 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.
References
secalert@redhat.com http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=4d024ac10f964f6bd372ae0dd14f02772a6e5f63 [Exploit, Patch]
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2014-01/msg00050.html
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2014-01/msg00052.html
secalert@redhat.com http://lists.x.org/archives/xorg-announce/2014-January/002389.html [Vendor Advisory]
secalert@redhat.com http://osvdb.org/101842
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2014-0018.html
secalert@redhat.com http://seclists.org/oss-sec/2014/q1/33
secalert@redhat.com http://secunia.com/advisories/56240 [Vendor Advisory]
secalert@redhat.com http://secunia.com/advisories/56336
secalert@redhat.com http://secunia.com/advisories/56357
secalert@redhat.com http://secunia.com/advisories/56371
secalert@redhat.com http://www.debian.org/security/2014/dsa-2838
secalert@redhat.com http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
secalert@redhat.com http://www.securityfocus.com/bid/64694
secalert@redhat.com http://www.ubuntu.com/usn/USN-2078-1
secalert@redhat.com https://exchange.xforce.ibmcloud.com/vulnerabilities/90123
af854a3a-2127-422b-91ae-364da2661108 http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=4d024ac10f964f6bd372ae0dd14f02772a6e5f63 [Exploit, Patch]
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2014-01/msg00050.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2014-01/msg00052.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.x.org/archives/xorg-announce/2014-January/002389.html [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://osvdb.org/101842
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2014-0018.html
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/oss-sec/2014/q1/33
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/56240 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/56336
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/56357
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/56371
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2014/dsa-2838
af854a3a-2127-422b-91ae-364da2661108 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/64694
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-2078-1
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/90123
Impacted products
Vendor Product Version
x libxfont 1.1.0
x libxfont 1.2.0
x libxfont 1.2.1
x libxfont 1.2.2
x libxfont 1.2.3
x libxfont 1.2.4
x libxfont 1.2.5
x libxfont 1.2.6
x libxfont 1.2.7
x libxfont 1.2.8
x libxfont 1.2.9
x libxfont 1.3.0
x libxfont 1.3.1
x libxfont 1.3.2
x libxfont 1.3.3
x libxfont 1.3.4
x libxfont 1.4.0
x libxfont 1.4.1
x libxfont 1.4.2
x libxfont 1.4.3
x libxfont 1.4.4
x libxfont 1.4.5
x libxfont 1.4.6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "91AC5551-B9AA-4709-BE64-CBE986358C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A7B86F-A74E-42D8-BBE6-D86C4EB672B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9806D538-0672-4D27-9A32-F41BB53DF738",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "29297813-F2F4-48BF-8DEA-DC83E44D154E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1437F3D-127E-45E7-B678-85BF208BAD30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26743145-32B4-45A6-8912-2B97EF59B677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C18E74E-DB01-4D5F-BD18-DE370BA56A38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "06DBC61A-10CD-41ED-AC1B-16C867823059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "061E16E4-0DD2-45B0-927D-5E6D97D54D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "58F3B17A-D8A9-4581-8EAC-4D6498A23F4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D064C118-DC51-46CF-961E-3D70C1EEFC92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9F45C46-F416-46FC-8C98-79D57BB397D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B21FE78A-41E1-46A7-8129-94CBA34A3FA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ADFF46D-9680-410C-B8B8-79F629534465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D36FBB2E-7BCD-4212-AE04-8C7C6B57CD49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A603E28-7D58-44FB-819E-5F22FA9860EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D9EE6A0-89DC-464D-890F-2C0E5CDCFAA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B056FDAB-4B10-4B32-A942-84864D39CBD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "642C350E-C81B-46F7-84B4-D3DE45E70DC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5FC93A4-0138-4293-9C02-504469223399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "53524431-385B-4FF5-8C5E-4B708099096D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "375B1A11-E0B4-424D-926B-AF3AED0A7D0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8470304F-5C5A-4260-BEAB-E7F6F81015BB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de pila en la funci\u00f3n bdfReadCharacters de bitmap/bdfread.c en X.Org libXfont 1.1 hasta 1.4.6 permite a atacantes remotos causar una denegaci\u00f3n de servicio (crash) o posiblemente ejecutar c\u00f3digo de forma arbitraria a trav\u00e9s de una cadena larga en el nombre de un car\u00e1cter de un archivo de fuentes BDF."
    }
  ],
  "id": "CVE-2013-6462",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-01-09T18:55:04.167",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=4d024ac10f964f6bd372ae0dd14f02772a6e5f63"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00050.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00052.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.x.org/archives/xorg-announce/2014-January/002389.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/101842"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0018.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/oss-sec/2014/q1/33"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/56240"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/56336"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/56357"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/56371"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-2838"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/64694"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2078-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90123"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=4d024ac10f964f6bd372ae0dd14f02772a6e5f63"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00050.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00052.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.x.org/archives/xorg-announce/2014-January/002389.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/101842"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2014/q1/33"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/56240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/56336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/56357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/56371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/64694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2078-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90123"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-15 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
References
secalert@redhat.com http://advisories.mageia.org/MGASA-2014-0278.html
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html
secalert@redhat.com http://lists.x.org/archives/xorg-announce/2014-May/002431.html [Vendor Advisory]
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2014-1893.html
secalert@redhat.com http://seclists.org/fulldisclosure/2014/Dec/23
secalert@redhat.com http://secunia.com/advisories/59154
secalert@redhat.com http://www.debian.org/security/2014/dsa-2927
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
secalert@redhat.com http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
secalert@redhat.com http://www.securityfocus.com/archive/1/534161/100/0/threaded
secalert@redhat.com http://www.securityfocus.com/bid/67382
secalert@redhat.com http://www.ubuntu.com/usn/USN-2211-1
secalert@redhat.com http://www.vmware.com/security/advisories/VMSA-2014-0012.html
af854a3a-2127-422b-91ae-364da2661108 http://advisories.mageia.org/MGASA-2014-0278.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.x.org/archives/xorg-announce/2014-May/002431.html [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2014-1893.html
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2014/Dec/23
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/59154
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2014/dsa-2927
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
af854a3a-2127-422b-91ae-364da2661108 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/534161/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/67382
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-2211-1
af854a3a-2127-422b-91ae-364da2661108 http://www.vmware.com/security/advisories/VMSA-2014-0012.html
Impacted products
Vendor Product Version
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 12.10
canonical ubuntu_linux 13.10
canonical ubuntu_linux 14.04
x libxfont *
x libxfont 1.2.3
x libxfont 1.2.4
x libxfont 1.2.5
x libxfont 1.2.6
x libxfont 1.2.7
x libxfont 1.2.8
x libxfont 1.2.9
x libxfont 1.3.0
x libxfont 1.3.1
x libxfont 1.3.2
x libxfont 1.3.3
x libxfont 1.3.4
x libxfont 1.4.0
x libxfont 1.4.1
x libxfont 1.4.2
x libxfont 1.4.3
x libxfont 1.4.4
x libxfont 1.4.5
x libxfont 1.4.6
x libxfont 1.4.99



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x:libxfont:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "60D58307-30CB-4A71-99EA-8C42329AFFA7",
              "versionEndIncluding": "1.4.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1437F3D-127E-45E7-B678-85BF208BAD30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26743145-32B4-45A6-8912-2B97EF59B677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C18E74E-DB01-4D5F-BD18-DE370BA56A38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "06DBC61A-10CD-41ED-AC1B-16C867823059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "061E16E4-0DD2-45B0-927D-5E6D97D54D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "58F3B17A-D8A9-4581-8EAC-4D6498A23F4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D064C118-DC51-46CF-961E-3D70C1EEFC92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9F45C46-F416-46FC-8C98-79D57BB397D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B21FE78A-41E1-46A7-8129-94CBA34A3FA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ADFF46D-9680-410C-B8B8-79F629534465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D36FBB2E-7BCD-4212-AE04-8C7C6B57CD49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A603E28-7D58-44FB-819E-5F22FA9860EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D9EE6A0-89DC-464D-890F-2C0E5CDCFAA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B056FDAB-4B10-4B32-A942-84864D39CBD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "642C350E-C81B-46F7-84B4-D3DE45E70DC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5FC93A4-0138-4293-9C02-504469223399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "53524431-385B-4FF5-8C5E-4B708099096D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "375B1A11-E0B4-424D-926B-AF3AED0A7D0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8470304F-5C5A-4260-BEAB-E7F6F81015BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x:libxfont:1.4.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EB8EE57-7DE8-4D1D-A227-F9B6510E1E09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de enteros en las funciones (1) fs_get_reply, (2) fs_alloc_glyphs y (3) fs_read_extent_info en X.Org libXfont anterior a 1.4.8 y 1.4.9x anterior a 1.4.99.901 permiten a servidores remotos de fuentes ejecutar c\u00f3digo arbitrario a trav\u00e9s de una respuesta xfs manipulada, lo que provoca un desbordamiento de buffer."
    }
  ],
  "id": "CVE-2014-0211",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-15T14:55:07.403",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2014-0278.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.x.org/archives/xorg-announce/2014-May/002431.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1893.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59154"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-2927"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/67382"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2211-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0278.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.x.org/archives/xorg-announce/2014-May/002431.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1893.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2927"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/67382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2211-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2007-5199 (GCVE-0-2007-5199)
Vulnerability from cvelistv5
Published
2017-08-18 20:00
Modified
2024-08-07 15:24
Severity: not scored (the record below carries no metrics block)
CWE
  • n/a
Summary
A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact.
Impacted products
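Vendor | Product | Version
n/a | n/a | n/a
Note: the record's structured affected-product fields are all "n/a"; the affected release (X.Org libXfont 1.3.1) appears only in the summary text, so matching on the structured fields alone will not associate this CVE with libXfont.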


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:24:42.349Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=327854"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=5bf703700ee4a5d6eae20da07cb7a29369667aef"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-18T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=327854"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=5bf703700ee4a5d6eae20da07cb7a29369667aef"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5199",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=327854",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=327854"
            },
            {
              "name": "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=5bf703700ee4a5d6eae20da07cb7a29369667aef",
              "refsource": "CONFIRM",
              "url": "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=5bf703700ee4a5d6eae20da07cb7a29369667aef"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5199",
    "datePublished": "2017-08-18T20:00:00",
    "dateReserved": "2007-10-04T00:00:00",
    "dateUpdated": "2024-08-07T15:24:42.349Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-1802 (GCVE-0-2015-1802)
Vulnerability from cvelistv5
Published
2015-03-20 14:00
Modified
2024-08-06 04:54
Severity: not scored (the record below carries no metrics block)
CWE
  • n/a
Summary
The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.
Impacted products
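Vendor | Product | Version
n/a | n/a | n/a
Note: the record's structured affected-product fields are all "n/a"; the affected range (X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1) appears only in the summary text, so matching on the structured fields alone will not associate this CVE with libXfont.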


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:54:16.071Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "GLSA-201507-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201507-21"
          },
          {
            "name": "SUSE-SU-2015:0674",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html"
          },
          {
            "name": "73277",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73277"
          },
          {
            "name": "USN-2536-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2536-1"
          },
          {
            "name": "FEDORA-2015-4230",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html"
          },
          {
            "name": "RHSA-2015:1708",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1708.html"
          },
          {
            "name": "openSUSE-SU-2015:0614",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html"
          },
          {
            "name": "1031935",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031935"
          },
          {
            "name": "FEDORA-2015-4199",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "DSA-3194",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3194"
          },
          {
            "name": "MDVSA-2015:145",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2015-0113.html"
          },
          {
            "name": "SUSE-SU-2015:0702",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-20T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "GLSA-201507-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201507-21"
        },
        {
          "name": "SUSE-SU-2015:0674",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html"
        },
        {
          "name": "73277",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73277"
        },
        {
          "name": "USN-2536-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2536-1"
        },
        {
          "name": "FEDORA-2015-4230",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html"
        },
        {
          "name": "RHSA-2015:1708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1708.html"
        },
        {
          "name": "openSUSE-SU-2015:0614",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html"
        },
        {
          "name": "1031935",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031935"
        },
        {
          "name": "FEDORA-2015-4199",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "DSA-3194",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3194"
        },
        {
          "name": "MDVSA-2015:145",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2015-0113.html"
        },
        {
          "name": "SUSE-SU-2015:0702",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-1802",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "GLSA-201507-21",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201507-21"
            },
            {
              "name": "SUSE-SU-2015:0674",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html"
            },
            {
              "name": "73277",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73277"
            },
            {
              "name": "USN-2536-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2536-1"
            },
            {
              "name": "FEDORA-2015-4230",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html"
            },
            {
              "name": "RHSA-2015:1708",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1708.html"
            },
            {
              "name": "openSUSE-SU-2015:0614",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html"
            },
            {
              "name": "1031935",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031935"
            },
            {
              "name": "FEDORA-2015-4199",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
            },
            {
              "name": "DSA-3194",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3194"
            },
            {
              "name": "MDVSA-2015:145",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
            },
            {
              "name": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/",
              "refsource": "MISC",
              "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2015-0113.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2015-0113.html"
            },
            {
              "name": "SUSE-SU-2015:0702",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-1802",
    "datePublished": "2015-03-20T14:00:00",
    "dateReserved": "2015-02-17T00:00:00",
    "dateUpdated": "2024-08-06T04:54:16.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-1804 (GCVE-0-2015-1804)
Vulnerability from cvelistv5
Published
2015-03-20 14:00
Modified
2024-08-06 04:54
Severity ?
CWE
  • n/a
Summary
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.
References
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html x_refsource_CONFIRM
https://security.gentoo.org/glsa/201507-21 vendor-advisory, x_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2015-12/msg00074.html vendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-2536-1 vendor-advisory, x_refsource_UBUNTU
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html vendor-advisory, x_refsource_FEDORA
http://rhn.redhat.com/errata/RHSA-2015-1708.html vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html vendor-advisory, x_refsource_SUSE
http://www.securitytracker.com/id/1031935 vdb-entry, x_refsource_SECTRACK
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html vendor-advisory, x_refsource_FEDORA
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3194 vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2015:145 vendor-advisory, x_refsource_MANDRIVA
http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/ x_refsource_MISC
http://advisories.mageia.org/MGASA-2015-0113.html x_refsource_CONFIRM
http://www.securityfocus.com/bid/73279 vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html vendor-advisory, x_refsource_SUSE
Impacted products
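Vendor | Product | Version
n/a | n/a | n/a
Note: the affected-product fields shown here are all "n/a"; the affected range (X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1) appears only in the summary text, so matching on these fields alone will not associate this CVE with libXfont.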


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:54:16.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "GLSA-201507-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201507-21"
          },
          {
            "name": "SUSE-SU-2015:0674",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2015:2300",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00074.html"
          },
          {
            "name": "USN-2536-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2536-1"
          },
          {
            "name": "FEDORA-2015-4230",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html"
          },
          {
            "name": "RHSA-2015:1708",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1708.html"
          },
          {
            "name": "openSUSE-SU-2015:0614",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html"
          },
          {
            "name": "1031935",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031935"
          },
          {
            "name": "FEDORA-2015-4199",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "DSA-3194",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3194"
          },
          {
            "name": "MDVSA-2015:145",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2015-0113.html"
          },
          {
            "name": "73279",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73279"
          },
          {
            "name": "SUSE-SU-2015:0702",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "GLSA-201507-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201507-21"
        },
        {
          "name": "SUSE-SU-2015:0674",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2015:2300",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00074.html"
        },
        {
          "name": "USN-2536-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2536-1"
        },
        {
          "name": "FEDORA-2015-4230",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html"
        },
        {
          "name": "RHSA-2015:1708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1708.html"
        },
        {
          "name": "openSUSE-SU-2015:0614",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html"
        },
        {
          "name": "1031935",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031935"
        },
        {
          "name": "FEDORA-2015-4199",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "DSA-3194",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3194"
        },
        {
          "name": "MDVSA-2015:145",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2015-0113.html"
        },
        {
          "name": "73279",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73279"
        },
        {
          "name": "SUSE-SU-2015:0702",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-1804",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "GLSA-201507-21",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201507-21"
            },
            {
              "name": "SUSE-SU-2015:0674",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html"
            },
            {
              "name": "openSUSE-SU-2015:2300",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00074.html"
            },
            {
              "name": "USN-2536-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2536-1"
            },
            {
              "name": "FEDORA-2015-4230",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html"
            },
            {
              "name": "RHSA-2015:1708",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1708.html"
            },
            {
              "name": "openSUSE-SU-2015:0614",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html"
            },
            {
              "name": "1031935",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031935"
            },
            {
              "name": "FEDORA-2015-4199",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
            },
            {
              "name": "DSA-3194",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3194"
            },
            {
              "name": "MDVSA-2015:145",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
            },
            {
              "name": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/",
              "refsource": "MISC",
              "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2015-0113.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2015-0113.html"
            },
            {
              "name": "73279",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73279"
            },
            {
              "name": "SUSE-SU-2015:0702",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-1804",
    "datePublished": "2015-03-20T14:00:00",
    "dateReserved": "2015-02-17T00:00:00",
    "dateUpdated": "2024-08-06T04:54:16.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0209 (GCVE-0-2014-0209)
Vulnerability from cvelistv5
Published
2014-05-15 14:00
Modified
2024-08-06 09:05
Severity ?
CWE
  • n/a
Summary
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:39.253Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "name": "openSUSE-SU-2014:0711",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html"
          },
          {
            "name": "USN-2211-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2211-1"
          },
          {
            "name": "59154",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59154"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "name": "DSA-2927",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2927"
          },
          {
            "name": "RHSA-2014:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1893.html"
          },
          {
            "name": "67382",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67382"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "name": "[xorg-announce] 20140513 [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.x.org/archives/xorg-announce/2014-May/002431.html"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "name": "MDVSA-2015:145",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0278.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "name": "openSUSE-SU-2014:0711",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html"
        },
        {
          "name": "USN-2211-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2211-1"
        },
        {
          "name": "59154",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59154"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "name": "DSA-2927",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2927"
        },
        {
          "name": "RHSA-2014:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1893.html"
        },
        {
          "name": "67382",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67382"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "name": "[xorg-announce] 20140513 [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.x.org/archives/xorg-announce/2014-May/002431.html"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "name": "MDVSA-2015:145",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0278.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0209",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "openSUSE-SU-2014:0711",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html"
            },
            {
              "name": "USN-2211-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2211-1"
            },
            {
              "name": "59154",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59154"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "DSA-2927",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2927"
            },
            {
              "name": "RHSA-2014:1893",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1893.html"
            },
            {
              "name": "67382",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67382"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "[xorg-announce] 20140513 [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont",
              "refsource": "MLIST",
              "url": "http://lists.x.org/archives/xorg-announce/2014-May/002431.html"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "MDVSA-2015:145",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0278.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0278.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0209",
    "datePublished": "2014-05-15T14:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:39.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0211 (GCVE-0-2014-0211)
Vulnerability from cvelistv5
Published
2014-05-15 14:00
Modified
2024-08-06 09:05
Severity ?
CWE
  • n/a
Summary
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:39.379Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "name": "openSUSE-SU-2014:0711",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html"
          },
          {
            "name": "USN-2211-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2211-1"
          },
          {
            "name": "59154",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59154"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "name": "DSA-2927",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2927"
          },
          {
            "name": "RHSA-2014:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1893.html"
          },
          {
            "name": "67382",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67382"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "name": "[xorg-announce] 20140513 [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.x.org/archives/xorg-announce/2014-May/002431.html"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "name": "MDVSA-2015:145",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0278.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "name": "openSUSE-SU-2014:0711",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html"
        },
        {
          "name": "USN-2211-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2211-1"
        },
        {
          "name": "59154",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59154"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "name": "DSA-2927",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2927"
        },
        {
          "name": "RHSA-2014:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1893.html"
        },
        {
          "name": "67382",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67382"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "name": "[xorg-announce] 20140513 [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.x.org/archives/xorg-announce/2014-May/002431.html"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "name": "MDVSA-2015:145",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0278.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0211",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "openSUSE-SU-2014:0711",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html"
            },
            {
              "name": "USN-2211-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2211-1"
            },
            {
              "name": "59154",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59154"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "DSA-2927",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2927"
            },
            {
              "name": "RHSA-2014:1893",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1893.html"
            },
            {
              "name": "67382",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67382"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "[xorg-announce] 20140513 [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont",
              "refsource": "MLIST",
              "url": "http://lists.x.org/archives/xorg-announce/2014-May/002431.html"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "MDVSA-2015:145",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0278.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0278.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0211",
    "datePublished": "2014-05-15T14:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:39.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-6462 (GCVE-0-2013-6462)
Vulnerability from cvelistv5
Published
2014-01-09 15:00
Modified
2024-08-06 17:39
Severity ?
CWE
  • n/a
Summary
Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.
References
http://lists.opensuse.org/opensuse-updates/2014-01/msg00052.html vendor-advisory, x_refsource_SUSE
http://lists.x.org/archives/xorg-announce/2014-January/002389.html mailing-list, x_refsource_MLIST
http://www.debian.org/security/2014/dsa-2838 vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/56357 third-party-advisory, x_refsource_SECUNIA
http://seclists.org/oss-sec/2014/q1/33 mailing-list, x_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2014-0018.html vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html x_refsource_CONFIRM
http://secunia.com/advisories/56240 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/56336 third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-2078-1 vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-updates/2014-01/msg00050.html vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/56371 third-party-advisory, x_refsource_SECUNIA
http://osvdb.org/101842 vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/64694 vdb-entry, x_refsource_BID
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=4d024ac10f964f6bd372ae0dd14f02772a6e5f63 x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/90123 vdb-entry, x_refsource_XF
Impacted products
Vendor: n/a | Product: n/a | Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.320Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:0075",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00052.html"
          },
          {
            "name": "[xorg-announce] 20140107 X.Org Security Advisory: CVE-2013-6462: Stack buffer overflow in parsing of BDF font files in libXfont",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.x.org/archives/xorg-announce/2014-January/002389.html"
          },
          {
            "name": "DSA-2838",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2838"
          },
          {
            "name": "56357",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56357"
          },
          {
            "name": "[oss-security] 20140107 Fwd: X.Org Security Advisory: CVE-2013-6462: Stack buffer overflow in parsing of BDF font files in libXfont",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q1/33"
          },
          {
            "name": "RHSA-2014:0018",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0018.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
          },
          {
            "name": "56240",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56240"
          },
          {
            "name": "56336",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56336"
          },
          {
            "name": "USN-2078-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2078-1"
          },
          {
            "name": "openSUSE-SU-2014:0073",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00050.html"
          },
          {
            "name": "56371",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56371"
          },
          {
            "name": "101842",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/101842"
          },
          {
            "name": "64694",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/64694"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=4d024ac10f964f6bd372ae0dd14f02772a6e5f63"
          },
          {
            "name": "libxfont-cve20136462-bo(90123)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90123"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:0075",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00052.html"
        },
        {
          "name": "[xorg-announce] 20140107 X.Org Security Advisory: CVE-2013-6462: Stack buffer overflow in parsing of BDF font files in libXfont",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.x.org/archives/xorg-announce/2014-January/002389.html"
        },
        {
          "name": "DSA-2838",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2838"
        },
        {
          "name": "56357",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56357"
        },
        {
          "name": "[oss-security] 20140107 Fwd: X.Org Security Advisory: CVE-2013-6462: Stack buffer overflow in parsing of BDF font files in libXfont",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q1/33"
        },
        {
          "name": "RHSA-2014:0018",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0018.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
        },
        {
          "name": "56240",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56240"
        },
        {
          "name": "56336",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56336"
        },
        {
          "name": "USN-2078-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2078-1"
        },
        {
          "name": "openSUSE-SU-2014:0073",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00050.html"
        },
        {
          "name": "56371",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56371"
        },
        {
          "name": "101842",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/101842"
        },
        {
          "name": "64694",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/64694"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=4d024ac10f964f6bd372ae0dd14f02772a6e5f63"
        },
        {
          "name": "libxfont-cve20136462-bo(90123)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90123"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-6462",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:0075",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00052.html"
            },
            {
              "name": "[xorg-announce] 20140107 X.Org Security Advisory: CVE-2013-6462: Stack buffer overflow in parsing of BDF font files in libXfont",
              "refsource": "MLIST",
              "url": "http://lists.x.org/archives/xorg-announce/2014-January/002389.html"
            },
            {
              "name": "DSA-2838",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2838"
            },
            {
              "name": "56357",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56357"
            },
            {
              "name": "[oss-security] 20140107 Fwd: X.Org Security Advisory: CVE-2013-6462: Stack buffer overflow in parsing of BDF font files in libXfont",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q1/33"
            },
            {
              "name": "RHSA-2014:0018",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0018.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
            },
            {
              "name": "56240",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56240"
            },
            {
              "name": "56336",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56336"
            },
            {
              "name": "USN-2078-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2078-1"
            },
            {
              "name": "openSUSE-SU-2014:0073",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00050.html"
            },
            {
              "name": "56371",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56371"
            },
            {
              "name": "101842",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/101842"
            },
            {
              "name": "64694",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/64694"
            },
            {
              "name": "http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=4d024ac10f964f6bd372ae0dd14f02772a6e5f63",
              "refsource": "CONFIRM",
              "url": "http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=4d024ac10f964f6bd372ae0dd14f02772a6e5f63"
            },
            {
              "name": "libxfont-cve20136462-bo(90123)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90123"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6462",
    "datePublished": "2014-01-09T15:00:00",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:39:01.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0210 (GCVE-0-2014-0210)
Vulnerability from cvelistv5
Published
2014-05-15 14:00
Modified
2024-08-06 09:05
Severity ?
CWE
  • n/a
Summary
Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.
Impacted products
Vendor: n/a | Product: n/a | Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:39.283Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "name": "openSUSE-SU-2014:0711",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html"
          },
          {
            "name": "USN-2211-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2211-1"
          },
          {
            "name": "59154",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59154"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "name": "DSA-2927",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2927"
          },
          {
            "name": "RHSA-2014:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1893.html"
          },
          {
            "name": "67382",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67382"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "name": "[xorg-announce] 20140513 [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.x.org/archives/xorg-announce/2014-May/002431.html"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "name": "MDVSA-2015:145",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0278.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "name": "openSUSE-SU-2014:0711",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html"
        },
        {
          "name": "USN-2211-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2211-1"
        },
        {
          "name": "59154",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59154"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "name": "DSA-2927",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2927"
        },
        {
          "name": "RHSA-2014:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1893.html"
        },
        {
          "name": "67382",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67382"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "name": "[xorg-announce] 20140513 [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.x.org/archives/xorg-announce/2014-May/002431.html"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "name": "MDVSA-2015:145",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0278.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0210",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "openSUSE-SU-2014:0711",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html"
            },
            {
              "name": "USN-2211-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2211-1"
            },
            {
              "name": "59154",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59154"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "DSA-2927",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2927"
            },
            {
              "name": "RHSA-2014:1893",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1893.html"
            },
            {
              "name": "67382",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67382"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "[xorg-announce] 20140513 [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont",
              "refsource": "MLIST",
              "url": "http://lists.x.org/archives/xorg-announce/2014-May/002431.html"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "MDVSA-2015:145",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0278.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0278.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0210",
    "datePublished": "2014-05-15T14:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:39.283Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-1803 (GCVE-0-2015-1803)
Vulnerability from cvelistv5
Published
2015-03-20 14:00
Modified
2024-08-06 04:54
Severity ?
CWE
  • n/a
Summary
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:54:16.182Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "GLSA-201507-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201507-21"
          },
          {
            "name": "SUSE-SU-2015:0674",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html"
          },
          {
            "name": "USN-2536-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2536-1"
          },
          {
            "name": "FEDORA-2015-4230",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html"
          },
          {
            "name": "RHSA-2015:1708",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1708.html"
          },
          {
            "name": "openSUSE-SU-2015:0614",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html"
          },
          {
            "name": "1031935",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031935"
          },
          {
            "name": "FEDORA-2015-4199",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "DSA-3194",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3194"
          },
          {
            "name": "MDVSA-2015:145",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2015-0113.html"
          },
          {
            "name": "SUSE-SU-2015:0702",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html"
          },
          {
            "name": "73280",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73280"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "GLSA-201507-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201507-21"
        },
        {
          "name": "SUSE-SU-2015:0674",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html"
        },
        {
          "name": "USN-2536-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2536-1"
        },
        {
          "name": "FEDORA-2015-4230",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html"
        },
        {
          "name": "RHSA-2015:1708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1708.html"
        },
        {
          "name": "openSUSE-SU-2015:0614",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html"
        },
        {
          "name": "1031935",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031935"
        },
        {
          "name": "FEDORA-2015-4199",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "DSA-3194",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3194"
        },
        {
          "name": "MDVSA-2015:145",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2015-0113.html"
        },
        {
          "name": "SUSE-SU-2015:0702",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html"
        },
        {
          "name": "73280",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73280"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-1803",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "GLSA-201507-21",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201507-21"
            },
            {
              "name": "SUSE-SU-2015:0674",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html"
            },
            {
              "name": "USN-2536-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2536-1"
            },
            {
              "name": "FEDORA-2015-4230",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html"
            },
            {
              "name": "RHSA-2015:1708",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1708.html"
            },
            {
              "name": "openSUSE-SU-2015:0614",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html"
            },
            {
              "name": "1031935",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031935"
            },
            {
              "name": "FEDORA-2015-4199",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
            },
            {
              "name": "DSA-3194",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3194"
            },
            {
              "name": "MDVSA-2015:145",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:145"
            },
            {
              "name": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/",
              "refsource": "MISC",
              "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2015-0113.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2015-0113.html"
            },
            {
              "name": "SUSE-SU-2015:0702",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html"
            },
            {
              "name": "73280",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73280"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-1803",
    "datePublished": "2015-03-20T14:00:00",
    "dateReserved": "2015-02-17T00:00:00",
    "dateUpdated": "2024-08-06T04:54:16.182Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16611 (GCVE-0-2017-16611)
Vulnerability from cvelistv5
Published
2017-12-01 17:00
Modified
2024-08-05 20:27
Severity ?
CWE
  • n/a
Summary
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:27:04.463Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20171128 CVE-2017-16611 libXfont Open files with O_NOFOLLOW",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/11/28/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1050459"
          },
          {
            "name": "USN-3500-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3500-1"
          },
          {
            "name": "[freedesktop-xorg-announce] 20171128 libXfont2 2.0.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://marc.info/?l=freedesktop-xorg-announce\u0026m=151188044218304\u0026w=2"
          },
          {
            "name": "GLSA-201801-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201801-10"
          },
          {
            "name": "[freedesktop-xorg-announce] 20171128 libXfont 1.5.4",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://marc.info/?l=freedesktop-xorg-announce\u0026m=151188049718337\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://security.cucumberlinux.com/security/details.php?id=155"
          },
          {
            "name": "[debian-lts-announce] 20220125 [SECURITY] [DLA 2901-1] libxfont security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00028.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-26T01:06:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20171128 CVE-2017-16611 libXfont Open files with O_NOFOLLOW",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/11/28/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1050459"
        },
        {
          "name": "USN-3500-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3500-1"
        },
        {
          "name": "[freedesktop-xorg-announce] 20171128 libXfont2 2.0.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://marc.info/?l=freedesktop-xorg-announce\u0026m=151188044218304\u0026w=2"
        },
        {
          "name": "GLSA-201801-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201801-10"
        },
        {
          "name": "[freedesktop-xorg-announce] 20171128 libXfont 1.5.4",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://marc.info/?l=freedesktop-xorg-announce\u0026m=151188049718337\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://security.cucumberlinux.com/security/details.php?id=155"
        },
        {
          "name": "[debian-lts-announce] 20220125 [SECURITY] [DLA 2901-1] libxfont security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00028.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16611",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20171128 CVE-2017-16611 libXfont Open files with O_NOFOLLOW",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/11/28/7"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1050459",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1050459"
            },
            {
              "name": "USN-3500-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3500-1"
            },
            {
              "name": "[freedesktop-xorg-announce] 20171128 libXfont2 2.0.3",
              "refsource": "MLIST",
              "url": "https://marc.info/?l=freedesktop-xorg-announce\u0026m=151188044218304\u0026w=2"
            },
            {
              "name": "GLSA-201801-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201801-10"
            },
            {
              "name": "[freedesktop-xorg-announce] 20171128 libXfont 1.5.4",
              "refsource": "MLIST",
              "url": "https://marc.info/?l=freedesktop-xorg-announce\u0026m=151188049718337\u0026w=2"
            },
            {
              "name": "http://security.cucumberlinux.com/security/details.php?id=155",
              "refsource": "MISC",
              "url": "http://security.cucumberlinux.com/security/details.php?id=155"
            },
            {
              "name": "[debian-lts-announce] 20220125 [SECURITY] [DLA 2901-1] libxfont security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00028.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16611",
    "datePublished": "2017-12-01T17:00:00",
    "dateReserved": "2017-11-06T00:00:00",
    "dateUpdated": "2024-08-05T20:27:04.463Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-2895 (GCVE-0-2011-2895)
Vulnerability from cvelistv5
Published
2011-08-19 17:00
Modified
2024-08-06 23:15
Severity ?
CWE
  • n/a
Summary
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
References
https://support.apple.com/HT205635 x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2011-1154.html vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-1191-1 vendor-advisory, x_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2011/08/10/10 mailing-list, x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=725760 x_refsource_CONFIRM
http://secunia.com/advisories/45544 third-party-advisory, x_refsource_SECUNIA
https://support.apple.com/HT205637 x_refsource_CONFIRM
http://support.apple.com/kb/HT5130 x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html vendor-advisory, x_refsource_APPLE
http://www.mandriva.com/security/advisories?name=MDVSA-2011:153 vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/bid/49124 vdb-entry, x_refsource_BID
http://secunia.com/advisories/45599 third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2011-1155.html vendor-advisory, x_refsource_REDHAT
http://securitytracker.com/id?1025920 vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html vendor-advisory, x_refsource_SUSE
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html vendor-advisory, x_refsource_APPLE
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html vendor-advisory, x_refsource_SUSE
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html vendor-advisory, x_refsource_APPLE
http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html mailing-list, x_refsource_MLIST
http://secunia.com/advisories/46127 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/45986 third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2011-1161.html vendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2011-1834.html vendor-advisory, x_refsource_REDHAT
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17 x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/69141 vdb-entry, x_refsource_XF
http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html vendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/45568 third-party-advisory, x_refsource_SECUNIA
http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html mailing-list, x_refsource_MLIST
https://support.apple.com/HT205641 x_refsource_CONFIRM
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc vendor-advisory, x_refsource_NETBSD
https://support.apple.com/HT205640 x_refsource_CONFIRM
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0 x_refsource_CONFIRM
http://secunia.com/advisories/48951 third-party-advisory, x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html vendor-advisory, x_refsource_APPLE
http://support.apple.com/kb/HT5281 x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html vendor-advisory, x_refsource_APPLE
http://www.debian.org/security/2011/dsa-2293 vendor-advisory, x_refsource_DEBIAN
https://bugzilla.redhat.com/show_bug.cgi?id=727624 x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:15:31.486Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205635"
          },
          {
            "name": "RHSA-2011:1154",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1154.html"
          },
          {
            "name": "USN-1191-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1191-1"
          },
          {
            "name": "[oss-security] 20110810 LZW decompression issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725760"
          },
          {
            "name": "45544",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45544"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205637"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5130"
          },
          {
            "name": "APPLE-SA-2015-12-08-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html"
          },
          {
            "name": "MDVSA-2011:153",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:153"
          },
          {
            "name": "49124",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49124"
          },
          {
            "name": "45599",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45599"
          },
          {
            "name": "RHSA-2011:1155",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1155.html"
          },
          {
            "name": "1025920",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025920"
          },
          {
            "name": "openSUSE-SU-2011:1299",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html"
          },
          {
            "name": "APPLE-SA-2015-12-08-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
          },
          {
            "name": "SUSE-SU-2011:1035",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html"
          },
          {
            "name": "APPLE-SA-2012-02-01-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
          },
          {
            "name": "[xorg-announce] 20110810 X.Org security advisory: libXfont LZW decompression heap corruption",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html"
          },
          {
            "name": "46127",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46127"
          },
          {
            "name": "45986",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45986"
          },
          {
            "name": "RHSA-2011:1161",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1161.html"
          },
          {
            "name": "RHSA-2011:1834",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1834.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17"
          },
          {
            "name": "xorg-lzw-bo(69141)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69141"
          },
          {
            "name": "APPLE-SA-2015-12-08-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
          },
          {
            "name": "45568",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45568"
          },
          {
            "name": "[xorg-announce] 20110810 [ANNOUNCE] libXfont 1.4.4",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205641"
          },
          {
            "name": "NetBSD-SA2011-007",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205640"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0"
          },
          {
            "name": "48951",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48951"
          },
          {
            "name": "APPLE-SA-2015-12-08-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5281"
          },
          {
            "name": "APPLE-SA-2012-05-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
          },
          {
            "name": "DSA-2293",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2293"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=727624"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205635"
        },
        {
          "name": "RHSA-2011:1154",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1154.html"
        },
        {
          "name": "USN-1191-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1191-1"
        },
        {
          "name": "[oss-security] 20110810 LZW decompression issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725760"
        },
        {
          "name": "45544",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45544"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205637"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5130"
        },
        {
          "name": "APPLE-SA-2015-12-08-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html"
        },
        {
          "name": "MDVSA-2011:153",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:153"
        },
        {
          "name": "49124",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49124"
        },
        {
          "name": "45599",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45599"
        },
        {
          "name": "RHSA-2011:1155",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1155.html"
        },
        {
          "name": "1025920",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025920"
        },
        {
          "name": "openSUSE-SU-2011:1299",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html"
        },
        {
          "name": "APPLE-SA-2015-12-08-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
        },
        {
          "name": "SUSE-SU-2011:1035",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html"
        },
        {
          "name": "APPLE-SA-2012-02-01-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
        },
        {
          "name": "[xorg-announce] 20110810 X.Org security advisory: libXfont LZW decompression heap corruption",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html"
        },
        {
          "name": "46127",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46127"
        },
        {
          "name": "45986",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45986"
        },
        {
          "name": "RHSA-2011:1161",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1161.html"
        },
        {
          "name": "RHSA-2011:1834",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1834.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17"
        },
        {
          "name": "xorg-lzw-bo(69141)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69141"
        },
        {
          "name": "APPLE-SA-2015-12-08-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
        },
        {
          "name": "45568",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45568"
        },
        {
          "name": "[xorg-announce] 20110810 [ANNOUNCE] libXfont 1.4.4",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205641"
        },
        {
          "name": "NetBSD-SA2011-007",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205640"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0"
        },
        {
          "name": "48951",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48951"
        },
        {
          "name": "APPLE-SA-2015-12-08-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5281"
        },
        {
          "name": "APPLE-SA-2012-05-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
        },
        {
          "name": "DSA-2293",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2293"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=727624"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2895",
    "datePublished": "2011-08-19T17:00:00",
    "dateReserved": "2011-07-27T00:00:00",
    "dateUpdated": "2024-08-06T23:15:31.486Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}