Vulnerabilities > CVE-2003-0581 - Unspecified vulnerability in Xfstt 1.2.1/1.4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a (1) FS_QueryXExtents8 or (2) FS_QueryXBitmaps8 packet, and possibly other types of packets, with a large num_ranges value, which causes an out-of-bounds array access.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-360.NASL description xfstt, a TrueType font server for the X window system was found to contain two classes of vulnerabilities : CAN-2003-0581: a remote attacker could send requests crafted to trigger any of several buffer overruns, causing a denial of service or possibly executing arbitrary code on the server with the privileges of the last seen 2020-06-01 modified 2020-06-02 plugin id 15197 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15197 title Debian DSA-360-1 : xfstt - several vulnerabilities NASL family Gain a shell remotely NASL id XFSTT_OVERFLOW.NASL description The remote X Font Service for TrueType (xfstt) is vulnerable to a remote buffer overflow which may lead to code execution as root or a denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 11814 published 2003-08-01 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11814 title TrueType Font Server for X11 (xfstt) Malformed Packet Remote Overflow