CVE-2014-0211

2014-05-1514:55:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2014-0211

x.org libxfont

buffer overflow

integer overflow

remote execution

nvd

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

89.8%

JSON

Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxeq13.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.04
x:libxfontx libxfontle1.4.7
x:libxfontx libxfonteq1.4.4
x:libxfontx libxfonteq1.2.7
x:libxfontx libxfonteq1.2.6
x:libxfontx libxfonteq1.3.3

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	eq	13.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	10.04
x:libxfont	x libxfont	le	1.4.7
x:libxfont	x libxfont	eq	1.4.4
x:libxfont	x libxfont	eq	1.2.7
x:libxfont	x libxfont	eq	1.2.6
x:libxfont	x libxfont	eq	1.3.3