Summary
Detail | |||
---|---|---|---|
Vendor | X | First view | 2011-08-19 |
Product | Libxfont | Last view | 2017-12-01 |
Version | 1.3.1 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Software Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:x:libxfont |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
5.5 | 2017-12-01 | CVE-2017-16611 | In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. |
9.8 | 2017-08-18 | CVE-2007-5199 | A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact. |
8.5 | 2015-03-20 | CVE-2015-1804 | The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. |
8.5 | 2015-03-20 | CVE-2015-1803 | The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. |
8.5 | 2015-03-20 | CVE-2015-1802 | The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. |
7.5 | 2014-05-15 | CVE-2014-0211 | Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. |
7.5 | 2014-05-15 | CVE-2014-0210 | Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. |
4.6 | 2014-05-15 | CVE-2014-0209 | Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata. |
9.3 | 2014-01-09 | CVE-2013-6462 | Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file. |
9.3 | 2011-08-19 | CVE-2011-2895 | The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
55% (5) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33% (3) | CWE-189 | Numeric Errors |
11% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
74927 | X.Org libXfont src/fontfile/decompress.c BufCompressedFill() Function LZW Dec... |
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for freetype CESA-2011:1161 centos4 x86_64 File : nvt/gb_CESA-2011_1161_freetype_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for xorg-x11 CESA-2011:1155 centos4 x86_64 File : nvt/gb_CESA-2011_1155_xorg-x11_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for libXfont CESA-2011:1154 centos5 x86_64 File : nvt/gb_CESA-2011_1154_libXfont_centos5_x86_64.nasl |
2012-05-18 | Name : Mac OS X Multiple Vulnerabilities (2012-002) File : nvt/gb_macosx_su12-002.nasl |
2012-02-12 | Name : FreeBSD Ports: FreeBSD File : nvt/freebsd_FreeBSD14.nasl |
2012-02-06 | Name : Mac OS X Multiple Vulnerabilities (2012-001) File : nvt/gb_macosx_su12-001.nasl |
2011-11-08 | Name : Mandriva Update for gimp MDVSA-2011:167 (gimp) File : nvt/gb_mandriva_MDVSA_2011_167.nasl |
2011-10-21 | Name : Mandriva Update for libxfont MDVSA-2011:153 (libxfont) File : nvt/gb_mandriva_MDVSA_2011_153.nasl |
2011-10-16 | Name : FreeBSD Security Advisory (FreeBSD-SA-11:04.compress.asc) File : nvt/freebsdsa_compress.nasl |
2011-10-14 | Name : Mandriva Update for cups MDVSA-2011:146 (cups) File : nvt/gb_mandriva_MDVSA_2011_146.nasl |
2011-09-23 | Name : CentOS Update for libXfont CESA-2011:1154 centos5 i386 File : nvt/gb_CESA-2011_1154_libXfont_centos5_i386.nasl |
2011-09-21 | Name : FreeBSD Ports: libXfont File : nvt/freebsd_libXfont.nasl |
2011-09-21 | Name : Debian Security Advisory DSA 2293-1 (libxfont) File : nvt/deb_2293_1.nasl |
2011-08-19 | Name : CentOS Update for freetype CESA-2011:1161 centos4 i386 File : nvt/gb_CESA-2011_1161_freetype_centos4_i386.nasl |
2011-08-18 | Name : CentOS Update for xorg-x11 CESA-2011:1155 centos4 i386 File : nvt/gb_CESA-2011_1155_xorg-x11_centos4_i386.nasl |
2011-08-18 | Name : RedHat Update for freetype RHSA-2011:1161-01 File : nvt/gb_RHSA-2011_1161-01_freetype.nasl |
2011-08-18 | Name : Ubuntu Update for libxfont USN-1191-1 File : nvt/gb_ubuntu_USN_1191_1.nasl |
2011-08-12 | Name : RedHat Update for libXfont RHSA-2011:1154-01 File : nvt/gb_RHSA-2011_1154-01_libXfont.nasl |
2011-08-12 | Name : RedHat Update for xorg-x11 RHSA-2011:1155-01 File : nvt/gb_RHSA-2011_1155-01_xorg-x11.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0160 | Multiple Vulnerabilities in Oracle Linux and Virtualization Severity: Category I - VMSKEY: V0061123 |
2014-A-0058 | Multiple Vulnerabilities in Oracle & Sun Systems Product Suite Severity: Category I - VMSKEY: V0049579 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-03-07 | Name: The remote Fedora host is missing a security update. File: fedora_2018-e27b435a7f.nasl - Type: ACT_GATHER_INFO |
2018-03-07 | Name: The remote Fedora host is missing a security update. File: fedora_2018-5a7cd68500.nasl - Type: ACT_GATHER_INFO |
2018-03-07 | Name: The remote Fedora host is missing a security update. File: fedora_2018-4f5a3e792f.nasl - Type: ACT_GATHER_INFO |
2018-03-07 | Name: The remote Fedora host is missing a security update. File: fedora_2018-05b078c373.nasl - Type: ACT_GATHER_INFO |
2018-01-09 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201801-10.nasl - Type: ACT_GATHER_INFO |
2017-12-18 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_08a125f3e35a11e7a29354e1ad3d6335.nasl - Type: ACT_GATHER_INFO |
2017-11-30 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-3500-1.nasl - Type: ACT_GATHER_INFO |
2017-11-30 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2017-333-02.nasl - Type: ACT_GATHER_INFO |
2016-10-13 | Name: The remote device is affected by multiple vulnerabilities. File: appletv_9_1.nasl - Type: ACT_GATHER_INFO |
2015-12-21 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-913.nasl - Type: ACT_GATHER_INFO |
2015-12-11 | Name: The remote host is missing a Mac OS X update that fixes multiple security vul... File: macosx_SecUpd2015-008.nasl - Type: ACT_GATHER_INFO |
2015-12-10 | Name: The remote host is missing a Mac OS X update that fixes multiple security vul... File: macosx_10_11_2.nasl - Type: ACT_GATHER_INFO |
2015-10-22 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2015-1708.nasl - Type: ACT_GATHER_INFO |
2015-09-23 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2015-597.nasl - Type: ACT_GATHER_INFO |
2015-09-17 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-1708.nasl - Type: ACT_GATHER_INFO |
2015-09-04 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20150903_libXfont_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
2015-09-04 | Name: The remote OracleVM host is missing a security update. File: oraclevm_OVMSA-2015-0120.nasl - Type: ACT_GATHER_INFO |
2015-09-04 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2015-1708.nasl - Type: ACT_GATHER_INFO |
2015-07-23 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201507-21.nasl - Type: ACT_GATHER_INFO |
2015-07-16 | Name: The application installed on the remote host is affected by multiple vulnerab... File: oracle_secure_global_desktop_jul_2015_cpu.nasl - Type: ACT_GATHER_INFO |
2015-04-08 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_xorg-x11-devel-150317.nasl - Type: ACT_GATHER_INFO |
2015-03-30 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-266.nasl - Type: ACT_GATHER_INFO |
2015-03-30 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2015-145.nasl - Type: ACT_GATHER_INFO |
2015-03-30 | Name: The remote Debian host is missing a security update. File: debian_DLA-183.nasl - Type: ACT_GATHER_INFO |
2015-03-27 | Name: The remote Fedora host is missing a security update. File: fedora_2015-3964.nasl - Type: ACT_GATHER_INFO |