Vulnerabilities > X > Libxfont > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-18 CVE-2007-5199 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in X Libxfont 1.3.1
A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact.
network
low complexity
x CWE-119
7.5
2015-03-20 CVE-2015-1804 Numeric Errors vulnerability in X Libxfont
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.
8.5
2015-03-20 CVE-2015-1803 Local Denial of Service vulnerability in X.Org libXfont 'bitmap/bdfread.c'
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.
network
canonical debian x
8.5
2015-03-20 CVE-2015-1802 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in X Libxfont
The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.
8.5
2014-05-15 CVE-2014-0211 Numeric Errors vulnerability in multiple products
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
network
low complexity
canonical x CWE-189
7.5
2014-05-15 CVE-2014-0210 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.
network
low complexity
x canonical CWE-119
7.5