PT-2017-13041 · X.Org Foundation+3 · Libxfont+3

Michal Srb · Published 2017-10-05 · Updated 2024-06-15 · CVE-2017-13720

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libXfont versions 1.5.2 and earlier
libXfont versions 2.x prior to 2.0.2

Description

The issue arises from incorrect handling of '\0' characters in the PatternMatch function in fontfile/fontdir.c, specifically when '?' characters are involved. This can lead to a buffer over-read during font pattern matching, potentially causing information disclosure or a crash (denial of service). An attacker would need access to an X connection to exploit this.

Recommendations

For libXfont version 1.5.2 and earlier, update to version 2.0.2 or later.
For libXfont version 2.x prior to 2.0.2, update to version 2.0.2 or later.

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2017-2478
ALT-PU-2017-2480
CVE-2017-13720
DLA-1126-1
DSA-3995-1
MGASA-2017-0373
OPENSUSE-SU-2024:10921-1
SUSE-SU-2018:0246-1
SUSE-SU-2018:0334-1
SUSE-SU-2018_0246-1
SUSE-SU-2018_0334-1
USN-3442-1

Affected Products

Alt Linux
Suse
Ubuntu
Libxfont