Page 2 of 13 results (0.019 seconds)

CVSS: 8.5EPSS: 1%CPEs: 7EXPL: 0

CVE-2015-1804 – libXfont: out-of-bounds memory access in bdfReadCharacters

https://notcve.org/view.php?id=CVE-2015-1804

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. La función bdfReadCharacters en bitmap/bdfread.c en X.Org libXfont anterior a 1.4.9 y 1.5.x anterior a 1.5.1 no realiza adecuadamente la conversión de tipos para valores métricos, lo que permite a usuarios remotos autenticados causar una denegación de servicio (acceso a memoria fuera de rango) y la posibilidad de ejecutar código arbitrario a través de archivos de fuente BDF. An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. • http://advisories.mageia.org/MGASA-2015-0113.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00074.html http:/ • CWE-189: Numeric Errors CWE-805: Buffer Access with Incorrect Length Value •

CVSS: 6.9EPSS: 0%CPEs: 26EXPL: 0

CVE-2014-0209 – libXfont: integer overflow of allocations in font metadata file parsing

https://notcve.org/view.php?id=CVE-2014-0209

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata. Múltiples desbordamientos de enteros en las funciones (1) FontFileAddEntry y (2) lexAlias en X.Org libXfont anterior a 1.4.8 y 1.4.9x anterior a 1.4.99.901 podrían permitir a usuarios locales ganar privilegios mediante la adición de un directorio con un archivo fonts.dir o fonts.alias largo a la ruta de la fuente, lo que provoca un desbordamiento de buffer basado en memoria dinámica, relacionado con metadatos. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. • http://advisories.mageia.org/MGASA-2014-0278.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html http://lists.x.org/archives/xorg-announce/2014-May/002431.html http://rhn.redhat.com/errata/RHSA-2014-1893.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/59154 http://www.debian.org/security/2014/dsa-2927 http://www.mandriva.com/security/advisories?name=MDVSA-2015:145 http://www.oracle.com/technetwork/topics/security/cpujul2014-1 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 2%CPEs: 26EXPL: 0

CVE-2014-0210 – libXfont: unvalidated length fields when parsing xfs protocol replies

https://notcve.org/view.php?id=CVE-2014-0210

Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. Múltiples desbordamientos de buffer en X.Org libXfont anterior a 1.4.8 y 1.4.9x anterior a 1.4.99.901 permiten a servidores remotos de fuentes ejecutar código arbitrario a través de una respuesta de protocolo xfs manipulada hacia la función (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list o (7) fs_read_list_info. Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. • http://advisories.mageia.org/MGASA-2014-0278.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html http://lists.x.org/archives/xorg-announce/2014-May/002431.html http://rhn.redhat.com/errata/RHSA-2014-1893.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/59154 http://www.debian.org/security/2014/dsa-2927 http://www.mandriva.com/security/advisories?name=MDVSA-2015:145 http://www.oracle.com/technetwork/topics/security/cpujul2014-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 2%CPEs: 26EXPL: 0

CVE-2014-0211 – libXfont: integer overflows calculating memory needs for xfs replies

https://notcve.org/view.php?id=CVE-2014-0211

Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. Múltiples desbordamientos de enteros en las funciones (1) fs_get_reply, (2) fs_alloc_glyphs y (3) fs_read_extent_info en X.Org libXfont anterior a 1.4.8 y 1.4.9x anterior a 1.4.99.901 permiten a servidores remotos de fuentes ejecutar código arbitrario a través de una respuesta xfs manipulada, lo que provoca un desbordamiento de buffer. Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. • http://advisories.mageia.org/MGASA-2014-0278.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html http://lists.x.org/archives/xorg-announce/2014-May/002431.html http://rhn.redhat.com/errata/RHSA-2014-1893.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/59154 http://www.debian.org/security/2014/dsa-2927 http://www.mandriva.com/security/advisories?name=MDVSA-2015:145 http://www.oracle.com/technetwork/topics/security/cpujul2014-1 • CWE-189: Numeric Errors CWE-787: Out-of-bounds Write •

CVSS: 9.3EPSS: 21%CPEs: 23EXPL: 1

CVE-2013-6462 – libXfont: stack-based buffer overflow flaw when parsing Glyph Bitmap Distribution Format (BDF) fonts

https://notcve.org/view.php?id=CVE-2013-6462

Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file. Desbordamiento de pila en la función bdfReadCharacters de bitmap/bdfread.c en X.Org libXfont 1.1 hasta 1.4.6 permite a atacantes remotos causar una denegación de servicio (crash) o probablemente ejecutar código de forma arbitraria a través de una cadena larga en el nombre de un caracter de un archivo de fuentes BDF. • http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=4d024ac10f964f6bd372ae0dd14f02772a6e5f63 http://lists.opensuse.org/opensuse-updates/2014-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00052.html http://lists.x.org/archives/xorg-announce/2014-January/002389.html http://osvdb.org/101842 http://rhn.redhat.com/errata/RHSA-2014-0018.html http://seclists.org/oss-sec/2014/q1/33 http://secunia.com/advisories/56240 http://secunia.com/advisories/56336 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •