CVE-2004-0084
XFree86 4.x - CopyISOLatin1Lowered Font_Name Buffer Overflow
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
Desbordamiento de búfer en la función ReadFontAlias en XFree86 4.1.0 a 4.3.0, cuando se usa la función CopyISOLatin1Lowered, permite a usuarios locales o remotos autenticados ejecutar código arbitrario mediante una entrada malformada en el fichero de aliases de fuentes (font.alias), una vulnerabilidad distinta de CAN-2004-0083 y CAN-2004-0106.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-01-19 CVE Reserved
- 2004-02-12 First Exploit
- 2004-02-14 CVE Published
- 2024-07-25 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (21)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/23690 | 2004-02-12 | |
http://www.securityfocus.com/bid/9652 | 2024-08-08 |
URL | Date | SRC |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2004-060.html | 2017-10-11 | |
http://www.redhat.com/support/errata/RHSA-2004-061.html | 2017-10-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Xfree86 Project Search vendor "Xfree86 Project" | X11r6 Search vendor "Xfree86 Project" for product "X11r6" | 4.1.0 Search vendor "Xfree86 Project" for product "X11r6" and version "4.1.0" | - |
Affected
| ||||||
Xfree86 Project Search vendor "Xfree86 Project" | X11r6 Search vendor "Xfree86 Project" for product "X11r6" | 4.1.11 Search vendor "Xfree86 Project" for product "X11r6" and version "4.1.11" | - |
Affected
| ||||||
Xfree86 Project Search vendor "Xfree86 Project" | X11r6 Search vendor "Xfree86 Project" for product "X11r6" | 4.1.12 Search vendor "Xfree86 Project" for product "X11r6" and version "4.1.12" | - |
Affected
| ||||||
Xfree86 Project Search vendor "Xfree86 Project" | X11r6 Search vendor "Xfree86 Project" for product "X11r6" | 4.2.0 Search vendor "Xfree86 Project" for product "X11r6" and version "4.2.0" | - |
Affected
| ||||||
Xfree86 Project Search vendor "Xfree86 Project" | X11r6 Search vendor "Xfree86 Project" for product "X11r6" | 4.2.1 Search vendor "Xfree86 Project" for product "X11r6" and version "4.2.1" | - |
Affected
| ||||||
Xfree86 Project Search vendor "Xfree86 Project" | X11r6 Search vendor "Xfree86 Project" for product "X11r6" | 4.2.1 Search vendor "Xfree86 Project" for product "X11r6" and version "4.2.1" | errata |
Affected
| ||||||
Xfree86 Project Search vendor "Xfree86 Project" | X11r6 Search vendor "Xfree86 Project" for product "X11r6" | 4.3.0 Search vendor "Xfree86 Project" for product "X11r6" and version "4.3.0" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openbsd Search vendor "Openbsd" for product "Openbsd" | 3.3 Search vendor "Openbsd" for product "Openbsd" and version "3.3" | - |
Affected
| ||||||
Openbsd Search vendor "Openbsd" | Openbsd Search vendor "Openbsd" for product "Openbsd" | 3.4 Search vendor "Openbsd" for product "Openbsd" and version "3.4" | - |
Affected
|