CVE-2014-0209

Published: 15/05/2014 Updated: 09/10/2018
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont prior to 1.4.8 and 1.4.9x prior to 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.

Vulnerable Product

x libxfont 1.2.3

x libxfont 1.2.4

x libxfont 1.3.1

x libxfont 1.3.2

x libxfont 1.4.5

x libxfont 1.4.6

x libxfont 1.2.7

x libxfont 1.2.8

x libxfont 1.4.0

x libxfont 1.4.1

x libxfont 1.4.99

x libxfont 1.2.9

x libxfont 1.3.0

x libxfont 1.4.2

x libxfont 1.4.3

x libxfont 1.4.4

x libxfont 1.2.5

x libxfont 1.2.6

x libxfont 1.3.3

x libxfont 1.3.4

x libxfont

canonical ubuntu linux 14.04

canonical ubuntu linux 10.04

canonical ubuntu linux 12.04

canonical ubuntu linux 12.10

canonical ubuntu linux 13.10

Vendor Advisories

Several security issues were fixed in libXfont ...
Ilja van Sprundel of IOActive discovered several security issues in the X.Org libXfont library, which may allow a local, authenticated user to attempt to raise privileges; or a remote attacker who can control the font server to attempt to execute code with the privileges of the X server. CVE-2014-0209 Integer overflow of allocations in font me ...
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x ...
A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server ...