PT-2017-13041 · X.Org Foundation · Libxfont

Michal Srb · Published 2017-10-05 · Updated 2024-06-15 · CVE-2017-13720

CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libXfont versions 1.5.2 and earlier
libXfont versions 2.x prior to 2.0.2

Description

The issue arises from incorrect handling of '\0' (NUL) characters in the PatternMatch function in fontfile/fontdir.c, specifically when '?' characters are involved. This can lead to a buffer over-read during font pattern matching, potentially causing information disclosure or a crash, resulting in denial of service. An attacker would need access to an X connection to exploit this.

Recommendations

For libXfont version 1.5.2 and earlier, update to version 2.0.2 or later.
For libXfont version 2.x prior to 2.0.2, update to version 2.0.2 or later.

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2017-2478
ALT-PU-2017-2480
CVE-2017-13720
DLA-1126-1
DSA-3995-1
MGASA-2017-0373
OPENSUSE-SU-2024:10921-1
SUSE-SU-2018:0246-1
SUSE-SU-2018:0334-1
SUSE-SU-2018_0246-1
SUSE-SU-2018_0334-1
USN-3442-1

Affected Products

Alt Linux
Suse
Ubuntu
Libxfont