PT-2014-1832 · X.Org Foundation+5 · Libxfont+5

Published: 2014-05-13 · Updated: 2018-10-09 · CVE-2014-0210

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libXfont versions prior to 1.4.8
libXfont versions 1.4.9x prior to 1.4.99.901

Description

Multiple buffer overflows in the libXfont package allow remote font servers to execute arbitrary code via crafted xfs protocol replies to the following functions: _fs_recv_conn_setup, fs_read_open_font, fs_read_query_info, fs_read_extent_info, fs_read_glyphs, fs_read_list, and fs_read_list_info. Successful exploitation can compromise the confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely.

Recommendations

For libXfont versions prior to 1.4.8, update to version 1.4.8 or later.
For libXfont versions 1.4.9x prior to 1.4.99.901, update to version 1.4.99.901 or later.
As a temporary workaround, consider restricting access to the vulnerable functions until a patch is available. Avoid using the vulnerable libXfont package for remote font server connections until the issue is resolved.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2014-1649
BDU:2015-06368
BDU:2015-06369
BDU:2015-06370
BDU:2015-06371
BDU:2015-06372
BDU:2015-06373
BDU:2015-06374
BDU:2015-09764
CESA-2014_1870
CVE-2014-0210
DSA-2927-1
MGASA-2014-0278
OPENSUSE-SU-2024:10299-1
RHSA-2014:1870
RHSA-2014:1893
RHSA-2014_1870
RHSA-2014_1893
SUSE-SU-2015:0674-1
USN-2211-1

Affected Products

ALT Linux
CentOS
Red Hat
SUSE
Ubuntu
Libxfont