Computer Security
[EN] securityvulns.ru no-pyccku


libXfont multiple security vulnerabilities
Published:18.03.2015
Source:
SecurityVulns ID:14324
Type:library
Threat Level:
6/10
Description:Memory corruptions on bdf parsing.
Affected:LIBXFONT : libXfont 1.4
CVE:CVE-2015-1804 (The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.)
 CVE-2015-1803 (The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.)
 CVE-2015-1802 (The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.)
Original documentdocumentUBUNTU, [USN-2536-1] libXfont vulnerabilities (18.03.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod