7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.025 Low
EPSS
Percentile
90.1%
Alan Coopersmith reports:
Ilja van Sprundel, a security researcher with IOActive, has
discovered several issues in the way the libXfont library
handles the responses it receives from xfs servers, and has
worked with X.Org’s security team to analyze, confirm, and fix
these issues.
Most of these issues stem from libXfont trusting the font server
to send valid protocol data, and not verifying that the values
will not overflow or cause other damage. This code is commonly
called from the X server when an X Font Server is active in the
font path, so may be running in a setuid-root process depending
on the X server in use. Exploits of this path could be used by
a local, authenticated user to attempt to raise privileges; or
by a remote attacker who can control the font server to attempt
to execute code with the privileges of the X server.