libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont

ID 28C575FA-784E-11E3-8249-001CC0380077
Type freebsd
Reporter FreeBSD
Modified 2013-12-24T00:00:00

Description reports:

A BDF font file containing a longer than expected string can cause a buffer overflow on the stack. Testing in X servers built with Stack Protector restulted in an immediate crash when reading a user-proveded specially crafted font. As libXfont is used to read user-specified font files in all X servers distributed by X.Org, including the Xorg server which is often run with root privileges or as setuid-root in order to access hardware, this bug may lead to an unprivileged user acquiring root privileges in some systems.