Lucene search

Veracode Vulnerability DatabaseVERACODE:24677

HistoryApr 10, 2020 - 1:01 a.m.

Arbitrary Code Execution

2020-04-1001:01:36

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

libxfont is vulnerable to arbitrary code execution. The vulnerability exists as a buffer overflow flaw was found in the way the libXfont library, used by the X.Org server, handled malformed font files compressed using UNIX compress. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server.

CPENameOperatorVersion
libxfonteq1.2.2__1.0.3.el5_1
libxfonteq1.4.1__1.el6
libxfonteq1.2.2__1.0.2.el5
freetypeeq2.1.9__14.el4.8
freetypeeq2.1.9__17.el4.8
freetypeeq2.1.9__17.el4_8.1
freetypeeq2.1.9__5.el4
freetypeeq2.1.9__1.rhel4.4
freetypeeq2.1.9__10.el4.7
freetypeeq2.1.9__7.el4.6

Name	Operator	Version
libxfont	eq	1.2.2__1.0.3.el5_1
libxfont	eq	1.4.1__1.el6
libxfont	eq	1.2.2__1.0.2.el5
freetype	eq	2.1.9__14.el4.8
freetype	eq	2.1.9__17.el4.8
freetype	eq	2.1.9__17.el4_8.1
freetype	eq	2.1.9__5.el4
freetype	eq	2.1.9__1.rhel4.4
freetype	eq	2.1.9__10.el4.7
freetype	eq	2.1.9__7.el4.6

Rows per page:

1-10 of 281

References

cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0

ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc

lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

lists.apple.com/archives/security-announce/2012/May/msg00001.html

lists.apple.com/archives/security-announce/2015/Dec/msg00000.html

lists.apple.com/archives/security-announce/2015/Dec/msg00001.html

lists.apple.com/archives/security-announce/2015/Dec/msg00002.html

lists.apple.com/archives/security-announce/2015/Dec/msg00005.html

lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html

lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html

lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html

lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html

secunia.com/advisories/45544

secunia.com/advisories/45568

secunia.com/advisories/45599

secunia.com/advisories/45986

secunia.com/advisories/46127

secunia.com/advisories/48951

securitytracker.com/id?1025920

support.apple.com/kb/HT5130

support.apple.com/kb/HT5281

www.debian.org/security/2011/dsa-2293

www.mandriva.com/security/advisories?name=MDVSA-2011:153

www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17

www.openwall.com/lists/oss-security/2011/08/10/10

www.redhat.com/support/errata/RHSA-2011-1154.html

www.redhat.com/support/errata/RHSA-2011-1155.html

www.redhat.com/support/errata/RHSA-2011-1161.html

www.redhat.com/support/errata/RHSA-2011-1834.html

www.securityfocus.com/bid/49124

www.ubuntu.com/usn/USN-1191-1

access.redhat.com/errata/RHSA-2011:1154

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=725760

bugzilla.redhat.com/show_bug.cgi?id=727624

exchange.xforce.ibmcloud.com/vulnerabilities/69141

support.apple.com/HT205635

support.apple.com/HT205637

support.apple.com/HT205640

support.apple.com/HT205641

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Related for VERACODE:24677