Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libxfont vulnerabilities and exploits
(subscribe to this query)
3.6
CVSSv2
CVE-2017-13720
In the PatternMatch function in fontfile/fontdir.c in libXfont up to and including 1.5.2 and 2.x prior to 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of servi...
X.org Libxfont 2.0.0
X.org Libxfont 2.0.1
X.org Libxfont
3.6
CVSSv2
CVE-2017-13722
In the pcfGetProperties function in bitmap/pcfread.c in libXfont up to and including 1.5.2 and 2.x prior to 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash o...
X.org Libxfont 2.0.0
X.org Libxfont 2.0.1
X.org Libxfont
9.3
CVSSv2
CVE-2011-2895
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont prior to 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD prior to 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x prior to 5.0.3 and 5.1.x prior to 5.1.1, FreeTyp...
Openbsd Openbsd 3.5
Openbsd Openbsd 3.4
Openbsd Openbsd 3.3
Openbsd Openbsd 2.6
Openbsd Openbsd 2.0
Freebsd Freebsd
Netbsd Netbsd
Openbsd Openbsd 3.0
Openbsd Openbsd 2.9
Openbsd Openbsd 2.3
Openbsd Openbsd 2.4
X Libxfont 1.2.0
X Libxfont 1.2.1
X Libxfont 1.2.9
X Libxfont 1.3.0
X Libxfont 1.4.2
Openbsd Openbsd 3.6
Openbsd Openbsd 2.8
Openbsd Openbsd 2.7
Openbsd Openbsd 2.5
Openbsd Openbsd
X Libxfont 1.2.2
7.5
CVSSv2
CVE-2007-5199
A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote malicious users to have unspecified impact.
X Libxfont 1.3.1
7.5
CVSSv2
CVE-2008-0006
Buffer overflow in (1) X.Org Xserver prior to 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent malicious users to execute arbitrary code via a PCF font with a large difference between the last col and first col va...
Sun Solaris Libfont
Sun Solaris Libxfont
X.org Xserver
4.9
CVSSv2
CVE-2017-16611
In libXfont prior to 1.5.4 and libXfont2 prior to 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 17.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
X Libxfont
8.5
CVSSv2
CVE-2007-1351
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont prior to 20070403 and (2) freetype 2.3.2 and previous versions allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
Ubuntu Ubuntu Linux 6.06 Lts
Ubuntu Ubuntu Linux 5.10
Ubuntu Ubuntu Linux 6.10
X.org Libxfont 1.2.2
Xfree86 Project X11r6 4.3.0
Xfree86 Project X11r6 4.3.0.1
Xfree86 Project X11r6 4.3.0.2
Rpath Rpath Linux 1
Redhat Enterprise Linux 2.1
Redhat Enterprise Linux 4.0
Redhat Linux Advanced Workstation 2.1
Redhat Enterprise Linux 3.0
Redhat Enterprise Linux Desktop 3.0
Redhat Enterprise Linux Desktop 4.0
Redhat Enterprise Linux 5.0
Openbsd Openbsd 3.9
Openbsd Openbsd 4.0
Mandrakesoft Mandrake Multi Network Firewall 2.0
3.8
CVSSv2
CVE-2007-1352
Integer overflow in the FontFileInitTable function in X.Org libXfont prior to 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.
Mandrakesoft Mandrake Multi Network Firewall 2.0
X.org Libxfont 1.2.2
Redhat Enterprise Linux 2.1
Redhat Enterprise Linux 3.0
Redhat Enterprise Linux 4.0
Redhat Fedora Core Core 1.0
Redhat Linux 9.0
Redhat Enterprise Linux Desktop 5.0
Redhat Linux Advanced Workstation 2.1
Redhat Enterprise Linux Desktop 3.0
Redhat Enterprise Linux Desktop 4.0
Slackware Slackware Linux Current
Slackware Slackware Linux 9.0
Slackware Slackware Linux 9.1
Turbolinux Turbolinux Desktop 10.0
Ubuntu Ubuntu Linux 5.10
Ubuntu Ubuntu Linux 6.06 Lts
Ubuntu Ubuntu Linux 6.10
Ubuntu Ubuntu Linux 4.1
Rpath Linux 1
Openbsd Openbsd 3.9
Openbsd Openbsd 4.0
9.3
CVSSv2
CVE-2007-6427
The XInput extension in X.Org Xserver prior to 1.4.1 allows context-dependent malicious users to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
X.org X Server
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 6.10
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Debian Debian Linux 3.1
Debian Debian Linux 4.0
Apple Mac Os X
Fedoraproject Fedora 7
Fedoraproject Fedora 8
Opensuse Opensuse 10.2
Opensuse Opensuse 10.3
Suse Linux 10.1
Suse Linux Enterprise Desktop 9
Suse Linux Enterprise Desktop 10
Suse Linux Enterprise Server 8
Suse Linux Enterprise Server 9
Suse Linux Enterprise Server 10
Suse Linux Enterprise Software Development Kit 10
Suse Open Enterprise Server -
5
CVSSv2
CVE-2007-6428
The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver prior to 1.4.1 allows context-dependent malicious users to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.
X.org Xserver
X.org Tog-cup
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »