Summary
| Detail | | | |
|---|---|---|---|
| Vendor | X | First view | 2015-03-20 |
| Product | Libxfont | Last view | 2017-12-01 |
| Version | 1.4.8 | Type | Application |
| Update | * | | |
| Edition | * | | |
| Language | * | | |
| Software Edition | * | | |
| Target Software | * | | |
| Target Hardware | * | | |
| Other | * | | |
| CPE Product | cpe:2.3:a:x:libxfont | | |
Related : CVE
| Score | Date | Alert | Description |
|---|---|---|---|
| 5.5 | 2017-12-01 | CVE-2017-16611 | In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. |
| 8.5 | 2015-03-20 | CVE-2015-1804 | The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. |
| 8.5 | 2015-03-20 | CVE-2015-1803 | The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. |
| 8.5 | 2015-03-20 | CVE-2015-1802 | The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (1) | CWE-189 | Numeric Errors |
| 33% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 33% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0160 | Multiple Vulnerabilities in Oracle Linux and Virtualization Severity: Category I - VMSKEY: V0061123 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2018-03-07 | Name: The remote Fedora host is missing a security update. File: fedora_2018-e27b435a7f.nasl - Type: ACT_GATHER_INFO |
| 2018-03-07 | Name: The remote Fedora host is missing a security update. File: fedora_2018-5a7cd68500.nasl - Type: ACT_GATHER_INFO |
| 2018-03-07 | Name: The remote Fedora host is missing a security update. File: fedora_2018-4f5a3e792f.nasl - Type: ACT_GATHER_INFO |
| 2018-03-07 | Name: The remote Fedora host is missing a security update. File: fedora_2018-05b078c373.nasl - Type: ACT_GATHER_INFO |
| 2018-01-09 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201801-10.nasl - Type: ACT_GATHER_INFO |
| 2017-12-18 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_08a125f3e35a11e7a29354e1ad3d6335.nasl - Type: ACT_GATHER_INFO |
| 2017-11-30 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-3500-1.nasl - Type: ACT_GATHER_INFO |
| 2017-11-30 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2017-333-02.nasl - Type: ACT_GATHER_INFO |
| 2015-12-21 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-913.nasl - Type: ACT_GATHER_INFO |
| 2015-10-22 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2015-1708.nasl - Type: ACT_GATHER_INFO |
| 2015-09-23 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2015-597.nasl - Type: ACT_GATHER_INFO |
| 2015-09-17 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-1708.nasl - Type: ACT_GATHER_INFO |
| 2015-09-04 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20150903_libXfont_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
| 2015-09-04 | Name: The remote OracleVM host is missing a security update. File: oraclevm_OVMSA-2015-0120.nasl - Type: ACT_GATHER_INFO |
| 2015-09-04 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2015-1708.nasl - Type: ACT_GATHER_INFO |
| 2015-07-23 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201507-21.nasl - Type: ACT_GATHER_INFO |
| 2015-07-16 | Name: The application installed on the remote host is affected by multiple vulnerab... File: oracle_secure_global_desktop_jul_2015_cpu.nasl - Type: ACT_GATHER_INFO |
| 2015-04-08 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_xorg-x11-devel-150317.nasl - Type: ACT_GATHER_INFO |
| 2015-03-30 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-266.nasl - Type: ACT_GATHER_INFO |
| 2015-03-30 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2015-145.nasl - Type: ACT_GATHER_INFO |
| 2015-03-30 | Name: The remote Debian host is missing a security update. File: debian_DLA-183.nasl - Type: ACT_GATHER_INFO |
| 2015-03-25 | Name: The remote Fedora host is missing a security update. File: fedora_2015-4230.nasl - Type: ACT_GATHER_INFO |
| 2015-03-23 | Name: The remote Fedora host is missing a security update. File: fedora_2015-4199.nasl - Type: ACT_GATHER_INFO |
| 2015-03-19 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-2536-1.nasl - Type: ACT_GATHER_INFO |
| 2015-03-18 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3194.nasl - Type: ACT_GATHER_INFO |









