CVE-2015-1804 – libXfont: out-of-bounds memory access in bdfReadCharacters

https://notcve.org/view.php?id=CVE-2015-1804

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. La función bdfReadCharacters en bitmap/bdfread.c en X.Org libXfont anterior a 1.4.9 y 1.5.x anterior a 1.5.1 no realiza adecuadamente la conversión de tipos para valores métricos, lo que permite a usuarios remotos autenticados causar una denegación de servicio (acceso a memoria fuera de rango) y la posibilidad de ejecutar código arbitrario a través de archivos de fuente BDF. An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. • http://advisories.mageia.org/MGASA-2015-0113.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00074.html http:/ • CWE-189: Numeric Errors CWE-805: Buffer Access with Incorrect Length Value •