Lucene search

K
gentooGentoo FoundationGLSA-200609-04
HistorySep 06, 2006 - 12:00 a.m.

LibXfont: Multiple integer overflows

2006-09-0600:00:00
Gentoo Foundation
security.gentoo.org
15

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.168

Percentile

96.1%

Background

libXfont is the X.Org Xfont library, some parts are based on the FreeType code base.

Description

Several integer overflows have been found in the PCF font parser.

Impact

A local attacker could possibly execute arbitrary code or crash the Xserver by enticing a user to load a specially crafted PCF font file.

Workaround

Do not use untrusted PCF Font files.

Resolution

All libXfont users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.0-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallx11-libs/libxfont< 1.2.0-r1UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.168

Percentile

96.1%