Vulnerabilities > X > Libxfont

DATE CVE VULNERABILITY TITLE RISK
2017-12-01 CVE-2017-16611 Link Following vulnerability in multiple products
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
local
low complexity
debian canonical x CWE-59
4.9
2017-08-18 CVE-2007-5199 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in X Libxfont 1.3.1
A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact.
network
low complexity
x CWE-119
7.5
2015-03-20 CVE-2015-1804 Numeric Errors vulnerability in X Libxfont
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.
8.5
2015-03-20 CVE-2015-1803 Local Denial of Service vulnerability in X.Org libXfont 'bitmap/bdfread.c'
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.
network
canonical debian x
8.5
2015-03-20 CVE-2015-1802 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in X Libxfont
The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.
8.5
2014-05-15 CVE-2014-0211 Numeric Errors vulnerability in multiple products
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
network
low complexity
canonical x CWE-189
7.5
2014-05-15 CVE-2014-0210 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.
network
low complexity
x canonical CWE-119
7.5
2014-05-15 CVE-2014-0209 Numeric Errors vulnerability in multiple products
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
local
low complexity
x canonical CWE-189
4.6
2014-01-09 CVE-2013-6462 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in X Libxfont
Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.
network
x CWE-119
critical
9.3
2011-08-19 CVE-2011-2895 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
network
freetype x freebsd netbsd openbsd CWE-119
critical
9.3