532 matches found
Null Pointer Dereference
The libXfont package provides the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format BDF fonts. A malicious, local user could use this flaw to cras...
Denial Of Service (DoS)
libxfont is vulnerable to denial of service DoS attacks. The vulnerability exists as the bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service out-of-bounds write and crash or possibly...
Denial Of Service (Dos)
libXfont is vulnerable to denial of service. A stack-based buffer overflow occurs when the libXfont library parsed Glyph Bitmap Distribution Format BDF fonts with a long string in a character name. This allows a local attacker to crash the service or potentially execute arbitrary code with the...
X.org X11 security, bug fix, and enhancement update
freeglut 3.0.0-8 - HTTPS URLs - Pin soname to libglut.so.3 in the %files glob 3.0.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora28MassRebuild 3.0.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora27BinutilsMassRebuild 3.0.0-5 - Rebuilt for...
Security Bulletin: Multiple vulnerabilities in xorg-x11-libs affect IBM Flex System Manager (FSM) (CVE2015-1802, CVE-2015-1803, CVE-2015-1804)
Summary Multiple security vulnerabilities have been discovered in xorg-x11-libs that is embedded in the IBM FSM. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2015-1802 DESCRIPTION: X.Org libXfont could allow a local attacker to gain elevated privileges on the...
Security Bulletin: Vulnerabilities in libXfont affect PowerKVM (CVE-2015-1802, CVE-2015-1803, CVE-2015-1804)
Summary PowerKVM is affected by three vulnerabilities in libXfont. These vulnerabilities are now fixed. Vulnerability Details CVEID: CVE-2015-1802 DESCRIPTION: X.Org libXfont could allow a local attacker to gain elevated privileges on the system, caused by an error in bdfReadProperties in the...
Security Bulletin: Multiple vulnerabilities in cups, curl, libxfont affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
Summary Multiple vulnerabilities in cups, curl, libxfont affect IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance CVE-2014-9679, CVE-2015-1158, CVE-2015-1159, CVE-2014-3613, CVE-2014-3707, CVE-2014-8150, CVE-2015-3143, CVE-2015-3148,CVE-2015-1802, CVE-2015-1803, CVE-2015-1804...
Fedora Update for libXfont FEDORA-2018-e27b435a7f
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for libXfont FEDORA-2018-5a7cd68500
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 27 : libXfont (2018-e27b435a7f)
Security fix for CVE-2017-16611 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 7030...
Fedora 26 : libXfont (2018-5a7cd68500)
Security fix for CVE-2017-16611 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 7030...
[SECURITY] Fedora 27 Update: libXfont-1.5.4-1.fc27
X.Org X11 libXfont runtime library...
[SECURITY] Fedora 26 Update: libXfont-1.5.4-1.fc26
X.Org X11 libXfont runtime library...
Debian: Security Advisory (DLA-1126-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED12 / SLES12 Security Update : libXfont (SUSE-SU-2018:0334-1)
This update for libXfont fixes several issues. These security issues were fixed : - CVE-2017-13720: Improper check for end of string in PatterMatch caused invalid reads bsc1054285 - CVE-2017-13722: Malformed PCF file could have caused DoS or leak information bsc1049692 - Prevent the X server from...
openSUSE Security Update : libXfont (openSUSE-2018-124)
This update for libXfont fixes several issues. These security issues were fixed : - CVE-2017-13720: Improper check for end of string in PatterMatch caused invalid reads bsc1054285 - CVE-2017-13722: Malformed PCF file could have caused DoS or leak information bsc1049692 - Prevent the X server from...
SUSE-SU-2018:0334-1 Security update for libXfont
This update for libXfont fixes several issues. These security issues were fixed: - CVE-2017-13720: Improper check for end of string in PatterMatch caused invalid reads bsc1054285 - CVE-2017-13722: Malformed PCF file could have caused DoS or leak information bsc1049692 - Prevent the X server from...
CVE-2017-13720
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...
CVE-2017-13722
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check for PCF files could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server...
Fedora 27 : libXfont (2017-f3e5d31524)
Security fix for CVE-2017-13720 and CVE-2017-13722 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...