CVE-2015-1802

2015-03-1800:00:00

ubuntu.com

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.2%

JSON

The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before
1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a
denial of service (out-of-bounds write and crash) or possibly execute
arbitrary code via a (1) negative or (2) large property count in a BDF font
file.

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchlibxfont< 1:1.4.1-1ubuntu0.4UNKNOWN
ubuntu12.04noarchlibxfont< 1:1.4.4-1ubuntu0.3UNKNOWN
ubuntu14.04noarchlibxfont< 1:1.4.7-1ubuntu0.2UNKNOWN
ubuntu14.10noarchlibxfont< 1:1.4.99.901-1ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	libxfont	< 1:1.4.1-1ubuntu0.4	UNKNOWN
ubuntu	12.04	noarch	libxfont	< 1:1.4.4-1ubuntu0.3	UNKNOWN
ubuntu	14.04	noarch	libxfont	< 1:1.4.7-1ubuntu0.2	UNKNOWN
ubuntu	14.10	noarch	libxfont	< 1:1.4.99.901-1ubuntu0.1	UNKNOWN