CVSS: 8.5EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1803 – libXfont: crash on invalid read in bdfReadCharacters
https://notcve.org/view.php?id=CVE-2015-1803
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. La función bdfReadCharacters en bitmap/bdfread.c en X.Org libXfont anterior a 1.4.9 y 1.5.x anterior a 1.5.1 no maneja adecuadamente caracteres bitmaps que no se pueden leer, lo que permite a usuarios remotos autenticados causar una denegación de servicio (referencia a puntero NULO y caída) y la posibilidad de ejecutar código arbitrario a través de un archivo de fuente BDF. A NULL pointer dereference flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server. • http://advisories.mageia.org/MGASA-2015-0113.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-1708.html http://www.debian& • CWE-476: NULL Pointer Dereference •
CVSS: 8.5EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1804 – libXfont: out-of-bounds memory access in bdfReadCharacters
https://notcve.org/view.php?id=CVE-2015-1804
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. La función bdfReadCharacters en bitmap/bdfread.c en X.Org libXfont anterior a 1.4.9 y 1.5.x anterior a 1.5.1 no realiza adecuadamente la conversión de tipos para valores métricos, lo que permite a usuarios remotos autenticados causar una denegación de servicio (acceso a memoria fuera de rango) y la posibilidad de ejecutar código arbitrario a través de archivos de fuente BDF. An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. • http://advisories.mageia.org/MGASA-2015-0113.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00074.html http:/ • CWE-189: Numeric Errors CWE-805: Buffer Access with Incorrect Length Value •
CVSS: 6.9EPSS: 0%CPEs: 26EXPL: 0CVE-2014-0209 – libXfont: integer overflow of allocations in font metadata file parsing
https://notcve.org/view.php?id=CVE-2014-0209
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata. Múltiples desbordamientos de enteros en las funciones (1) FontFileAddEntry y (2) lexAlias en X.Org libXfont anterior a 1.4.8 y 1.4.9x anterior a 1.4.99.901 podrían permitir a usuarios locales ganar privilegios mediante la adición de un directorio con un archivo fonts.dir o fonts.alias largo a la ruta de la fuente, lo que provoca un desbordamiento de buffer basado en memoria dinámica, relacionado con metadatos. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. • http://advisories.mageia.org/MGASA-2014-0278.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html http://lists.x.org/archives/xorg-announce/2014-May/002431.html http://rhn.redhat.com/errata/RHSA-2014-1893.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/59154 http://www.debian.org/security/2014/dsa-2927 http://www.mandriva.com/security/advisories?name=MDVSA-2015:145 http://www.oracle.com/technetwork/topics/security/cpujul2014-1 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 2%CPEs: 26EXPL: 0CVE-2014-0210 – libXfont: unvalidated length fields when parsing xfs protocol replies
https://notcve.org/view.php?id=CVE-2014-0210
Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. Múltiples desbordamientos de buffer en X.Org libXfont anterior a 1.4.8 y 1.4.9x anterior a 1.4.99.901 permiten a servidores remotos de fuentes ejecutar código arbitrario a través de una respuesta de protocolo xfs manipulada hacia la función (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list o (7) fs_read_list_info. Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. • http://advisories.mageia.org/MGASA-2014-0278.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html http://lists.x.org/archives/xorg-announce/2014-May/002431.html http://rhn.redhat.com/errata/RHSA-2014-1893.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/59154 http://www.debian.org/security/2014/dsa-2927 http://www.mandriva.com/security/advisories?name=MDVSA-2015:145 http://www.oracle.com/technetwork/topics/security/cpujul2014-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 2%CPEs: 26EXPL: 0CVE-2014-0211 – libXfont: integer overflows calculating memory needs for xfs replies
https://notcve.org/view.php?id=CVE-2014-0211
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. Múltiples desbordamientos de enteros en las funciones (1) fs_get_reply, (2) fs_alloc_glyphs y (3) fs_read_extent_info en X.Org libXfont anterior a 1.4.8 y 1.4.9x anterior a 1.4.99.901 permiten a servidores remotos de fuentes ejecutar código arbitrario a través de una respuesta xfs manipulada, lo que provoca un desbordamiento de buffer. Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. • http://advisories.mageia.org/MGASA-2014-0278.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html http://lists.x.org/archives/xorg-announce/2014-May/002431.html http://rhn.redhat.com/errata/RHSA-2014-1893.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/59154 http://www.debian.org/security/2014/dsa-2927 http://www.mandriva.com/security/advisories?name=MDVSA-2015:145 http://www.oracle.com/technetwork/topics/security/cpujul2014-1 • CWE-189: Numeric Errors CWE-787: Out-of-bounds Write •