Computer Security


libXfont multiple security vulnerabilities
Published: 15.05.2014
Source:
SecurityVulns ID: 13772
Type: library
Threat Level: 6/10
Description: DoS, memory corruptions.
Affected: LIBXFONT : libXfont 1.4
CVE: CVE-2014-0211 (Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.)
 CVE-2014-0210 (Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.)
 CVE-2014-0209 (Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.)
Original document: Alan Coopersmith, [oss-security] Fwd: [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont (15.05.2014)
 UBUNTU, [USN-2211-1] libXfont vulnerabilities (15.05.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod