CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-16611 – Gentoo Linux Security Advisory 201801-10
https://notcve.org/view.php?id=CVE-2017-16611
29 Nov 2017 — In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. En libXfont en versiones anteriores a la 1.5.4 y libXfont2 en versiones anteriores a la 2.0.3, un atacante local puede abrir (pero no leer) archivos en el sistema como root, desencadenando rebobinados de cinta, watchdogs o mecanismos similares que se pueden desencadenar abriendo archivos. I... • http://security.cucumberlinux.com/security/details.php?id=155 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-13720 – Debian Security Advisory 3995-1
https://notcve.org/view.php?id=CVE-2017-13720
10 Oct 2017 — In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters. En la función PatternMatch en fontfile/fontdir.c en libXfont, en versiones hasta la 1.5.2 y versiones 2.x hasta la 2.0.2, un atacante con acces... • http://www.debian.org/security/2017/dsa-3995 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-13722 – Debian Security Advisory 3995-1
https://notcve.org/view.php?id=CVE-2017-13722
10 Oct 2017 — In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. En la función pcfGetProperties en bitmap/pcfread.c en libXfont, en versiones hasta la 1.5.2 y versiones 2.x hasta la 2.0.2, atacantes autenticados en un servidor X podrían utilizar la falta de una comprobación de límites (para arc... • http://www.debian.org/security/2017/dsa-3995 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1803 – libXfont: crash on invalid read in bdfReadCharacters
https://notcve.org/view.php?id=CVE-2015-1803
18 Mar 2015 — The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. La función bdfReadCharacters en bitmap/bdfread.c en X.Org libXfont anterior a 1.4.9 y 1.5.x anterior a 1.5.1 no maneja adecuadamente caracteres bitmaps que no se pueden leer, lo... • http://advisories.mageia.org/MGASA-2015-0113.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1802 – libXfont: missing range check in bdfReadProperties
https://notcve.org/view.php?id=CVE-2015-1802
18 Mar 2015 — The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. La función bdfReadProperties en bitmap/bdfread.c en X.Org libXfont anterior a 1.4.9 y 1.5.x anterior a 1.5.1 permite a usuarios remotos autenticados causar una denegación de servicio (escritura y caída fuera de... • http://advisories.mageia.org/MGASA-2015-0113.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1804 – libXfont: out-of-bounds memory access in bdfReadCharacters
https://notcve.org/view.php?id=CVE-2015-1804
18 Mar 2015 — The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. La función bdfReadCharacters en bitmap/bdfread.c en X.Org libXfont anterior a 1.4.9 y 1.5.x anterior a 1.5.1 no realiza adecuadamente la conversión de tipos para valores métricos, l... • http://advisories.mageia.org/MGASA-2015-0113.html • CWE-189: Numeric Errors CWE-805: Buffer Access with Incorrect Length Value •