Vulnerabilities > CVE-2003-0625 - Off-by-one Error vulnerability in Hadrons Xfstt
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | xfstt 1.2/1.4 Unspecified Memory Disclosure Vulnerability. CVE-2003-0625 . Dos exploit for linux platform |
| id | EDB-ID:22952 |
| last seen | 2016-02-02 |
| modified | 2003-07-23 |
| published | 2003-07-23 |
| reporter | V9 |
| source | https://www.exploit-db.com/download/22952/ |
| title | xfstt 1.2/1.4 Unspecified Memory Disclosure Vulnerability |
Nessus
| NASL family | Debian Local Security Checks |
| NASL id | DEBIAN_DSA-360.NASL |
| description | xfstt, a TrueType font server for the X window system was found to contain two classes of vulnerabilities : CAN-2003-0581: a remote attacker could send requests crafted to trigger any of several buffer overruns, causing a denial of service or possibly executing arbitrary code on the server with the privileges of the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 15197 |
| published | 2004-09-29 |
| reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/15197 |
| title | Debian DSA-360-1 : xfstt - several vulnerabilities |