PT-2014-1833 · X.Org+5 · Libxfont+5

Published

2014-05-13

Updated

2018-10-09

CVE-2014-0211

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions libXfont versions prior to 1.4.8 libXfont-debuginfo versions prior to 1.4.8 libXfont-devel versions prior to 1.4.8

Description The issue involves multiple integer overflows in the (1) fs get reply, (2) fs alloc glyphs, and (3) fs read extent info functions in X.Org libXfont. These overflows allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. The exploitation of these vulnerabilities can lead to a disruption of confidentiality, integrity, and availability of protected information and can be carried out remotely.

Recommendations For libXfont versions prior to 1.4.8, update to version 1.4.8 or later. For libXfont-debuginfo versions prior to 1.4.8, update to version 1.4.8 or later. For libXfont-devel versions prior to 1.4.8, update to version 1.4.8 or later. As a temporary workaround, consider restricting access to remote font servers to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

ALT-PU-2014-1649

BDU:2015-06368

BDU:2015-06369

BDU:2015-06370

BDU:2015-06371

BDU:2015-06372

BDU:2015-06373

BDU:2015-06374

BDU:2015-09764

CESA-2014_1870

CVE-2014-0211

DSA-2927-1

MGASA-2014-0278

OPENSUSE-SU-2024:10299-1

RHSA-2014:1870

RHSA-2014:1893

RHSA-2014_1870

RHSA-2014_1893

SUSE-SU-2015:0674-1

USN-2211-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libxfont

PT-2014-1833 · X.Org+5 · Libxfont+5

CVE-2014-0211

Weakness Enumeration

Related Identifiers

Affected Products

References · 57