CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.905 High (Percentile: 98.8%)

Matthieu Herrb reports:
Problem Description:
Several vulnerabilities have been identified in xfs, the X font
server. The QueryXBitmaps and QueryXExtents protocol requests
suffer from lack of validation of their ‘length’ parameters.
Impact:
On most modern systems, the font server is accessible only for
local clients and runs with reduced privileges, but on some
systems it may still be accessible from remote clients and
possibly running with root privileges, creating an opportunity
for remote privilege escalation.