Integer overflow in the build_range function in X.Org X Font Server (xfs) prior to 1.0.5 allows context-dependent malicious users to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.
Vulnerable Product |
---|
x.org x font server 1.0.1 |
x.org x font server 1.0.2 |
x.org x font server 1.0.4 |