CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 96.1%
libXfont is the X.Org Xfont library; some parts are based on the FreeType code base.
Several integer overflows have been found in the PCF font parser.
A local attacker could possibly execute arbitrary code or crash the Xserver by enticing a user to load a specially crafted PCF font file.
Do not use untrusted PCF font files.
All libXfont users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.0-r1"

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | x11-libs/libxfont | < 1.2.0-r1 | UNKNOWN |