Lucene search
+L

532 matches found

Slackware Linux
Slackware Linux
added 2017/11/29 8:19 a.m.28 views

[slackware-security] libXfont

New libXfont packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and 14.2 to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libXfont-1.5.1-i486-2slack14.2.txz: Rebuilt. Open files with ONOFOLLOW. CVE-2017-16611 A non-privileged X...

5.5CVSS5.8AI score0.0042EPSS
Exploits0
OSV
OSV
added 2017/11/28 12:0 a.m.5 views

UBUNTU-CVE-2017-16611

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open but not read files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files...

5.5CVSS6.6AI score0.0042EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2017/11/25 12:0 a.m.24 views

libXfont -- permission bypass when opening files through symlinks

the freedesktop.org project reports: A non-privileged X client can instruct X server running under root to open any file by creating own directory with "fonts.dir", "fonts.alias" or any font file being a symbolic link to any other file in the system. X server will then open it. This can be issue...

5.5CVSS5.8AI score0.0042EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2017/10/27 12:0 a.m.34 views

Fedora Update for libXfont FEDORA-2017-b7c4334524

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS7AI score0.00442EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2017/10/27 12:0 a.m.18 views

Fedora Update for libXfont FEDORA-2017-2783ef2c63

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS7AI score0.00442EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/10/26 12:0 a.m.23 views

Fedora 25 : libXfont (2017-b7c4334524)

Security fix for CVE-2017-13720 and CVE-2017-13722 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

7.1CVSS6.3AI score0.00442EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/10/26 12:0 a.m.21 views

Fedora 26 : libXfont (2017-2783ef2c63)

Security fix for CVE-2017-13720 and CVE-2017-13722 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

7.1CVSS6.3AI score0.00442EPSS
Exploits0References3
Fedora
Fedora
added 2017/10/25 11:17 p.m.28 views

[SECURITY] Fedora 26 Update: libXfont-1.5.2-5.fc26

X.Org X11 libXfont runtime library...

7.1CVSS2.2AI score0.00442EPSS
Exploits0
Fedora
Fedora
added 2017/10/25 9:23 p.m.29 views

[SECURITY] Fedora 25 Update: libXfont-1.5.2-5.fc25

X.Org X11 libXfont runtime library...

7.1CVSS2.2AI score0.00442EPSS
Exploits0
OSV
OSV
added 2017/10/18 8:19 p.m.8 views

MGASA-2017-0373 Updated libxfont packages fix security vulnerabilities

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...

7.1CVSS6.7AI score0.00442EPSS
Exploits0References4
Mageia
Mageia
added 2017/10/18 8:19 p.m.41 views

Updated libxfont packages fix security vulnerabilities

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...

7.1CVSS2.5AI score0.00442EPSS
Exploits0References3
Fedora
Fedora
added 2017/10/17 12:19 a.m.55 views

[SECURITY] Fedora 27 Update: libXfont-1.5.2-5.fc27

X.Org X11 libXfont runtime library...

7.1CVSS2.2AI score0.00442EPSS
Exploits0
CNVD
CNVD
added 2017/10/12 12:0 a.m.6 views

libxfont Denial of Service Vulnerability (CNVD-2017-30425)

libXfont is an X font processing library for servers and utilities from the X.Org Foundation. A denial of service vulnerability exists in the 'pcfGetProperties' function of the bitmap/pcfread.c file in libXfont versions 1.5.2 and earlier, and version 2.x prior to 2.0.2, which stems from the...

7.1CVSS6.8AI score0.00396EPSS
Exploits0References1
NVD
NVD
added 2017/10/11 5:29 p.m.25 views

CVE-2017-13722

In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check for PCF files could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server...

7.1CVSS5.4AI score0.00396EPSS
Exploits0References6
Prion
Prion
added 2017/10/11 5:29 p.m.22 views

Information disclosure

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...

3.6CVSS6.6AI score0.00442EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2017/10/11 5:29 p.m.23 views

CVE-2017-13722

In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check for PCF files could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server...

7.1CVSS6.6AI score
Exploits0References6
OSV
OSV
added 2017/10/11 5:29 p.m.27 views

CVE-2017-13720

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...

7.1CVSS6.8AI score
Exploits0References6
Debian CVE
Debian CVE
added 2017/10/11 5:0 p.m.50 views

CVE-2017-13720

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...

7.1CVSS7AI score0.00442EPSS
Exploits0
Debian CVE
Debian CVE
added 2017/10/11 5:0 p.m.42 views

CVE-2017-13722

In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check for PCF files could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server...

7.1CVSS6.8AI score0.00396EPSS
Exploits0
CVE
CVE
added 2017/10/11 5:0 p.m.131 views

CVE-2017-13720

Summary: LibXfont (libXfont and libXfont2) contains a vulnerability in the PatternMatch function (fontfile/fontdir.c). The flaw allows a buffer over-read during font pattern matching, potentially leading to information disclosure or a crash. It affects libXfont up to 1.5.2 and libXfont2 up to 2.x...

7.1CVSS5.9AI score0.00442EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder