PT-2014-1833 · X.Org+5 · Libxfont+5

Published: 2014-05-13 · Updated: 2018-10-09 · CVE-2014-0211

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libXfont versions prior to 1.4.8
libXfont-debuginfo versions prior to 1.4.8
libXfont-devel versions prior to 1.4.8

Description

The issue involves multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont. These overflows allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. Exploitation of these vulnerabilities can compromise the confidentiality, integrity, and availability of protected information and can be carried out remotely.

Recommendations

For libXfont versions prior to 1.4.8, update to version 1.4.8 or later.
For libXfont-debuginfo versions prior to 1.4.8, update to version 1.4.8 or later.
For libXfont-devel versions prior to 1.4.8, update to version 1.4.8 or later.
As a temporary workaround, consider restricting access to remote font servers to minimize the risk of exploitation.

Fix


Weakness Enumeration

Related identifiers

ALT-PU-2014-1649
BDU:2015-06368
BDU:2015-06369
BDU:2015-06370
BDU:2015-06371
BDU:2015-06372
BDU:2015-06373
BDU:2015-06374
BDU:2015-09764
CESA-2014_1870
CVE-2014-0211
DSA-2927-1
MGASA-2014-0278
OPENSUSE-SU-2024:10299-1
RHSA-2014:1870
RHSA-2014:1893
RHSA-2014_1870
RHSA-2014_1893
SUSE-SU-2015:0674-1
USN-2211-1

Affected products

Alt Linux
CentOS
Red Hat
SUSE
Ubuntu
Libxfont