CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-16611 – Gentoo Linux Security Advisory 201801-10
https://notcve.org/view.php?id=CVE-2017-16611
29 Nov 2017 — In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. En libXfont en versiones anteriores a la 1.5.4 y libXfont2 en versiones anteriores a la 2.0.3, un atacante local puede abrir (pero no leer) archivos en el sistema como root, desencadenando rebobinados de cinta, watchdogs o mecanismos similares que se pueden desencadenar abriendo archivos. I... • http://security.cucumberlinux.com/security/details.php?id=155 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-13720 – Debian Security Advisory 3995-1
https://notcve.org/view.php?id=CVE-2017-13720
10 Oct 2017 — In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters. En la función PatternMatch en fontfile/fontdir.c en libXfont, en versiones hasta la 1.5.2 y versiones 2.x hasta la 2.0.2, un atacante con acces... • http://www.debian.org/security/2017/dsa-3995 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-13722 – Debian Security Advisory 3995-1
https://notcve.org/view.php?id=CVE-2017-13722
10 Oct 2017 — In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. En la función pcfGetProperties en bitmap/pcfread.c en libXfont, en versiones hasta la 1.5.2 y versiones 2.x hasta la 2.0.2, atacantes autenticados en un servidor X podrían utilizar la falta de una comprobación de límites (para arc... • http://www.debian.org/security/2017/dsa-3995 • CWE-125: Out-of-bounds Read •