CVE-2015-1802

Published: 20/03/2015 Updated: 22/12/2016
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
VMScore: 756
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont prior to 1.4.9 and 1.5.x prior to 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.

Vulnerable Product

x libxfont

x libxfont 1.5.0

Vendor Advisories

libXfont could be made to crash or run programs as an administrator if it opened a specially crafted bdf font file ...
Ilja van Sprundel, Alan Coopersmith and William Robinet discovered multiple issues in libxfont's code to process BDF fonts, which might result in privilege escalation. For the stable distribution (wheezy), these problems have been fixed in version 1.4.5-5. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you ...
An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server (CVE-2015-1802). An integer truncation flaw was discovered in the way libXfont pr ...
An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server ...