CVE-2015-1804

Published: 20/03/2015 Updated: 31/12/2016
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
VMScore: 756
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont prior to 1.4.9 and 1.5.x prior to 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.

Vulnerable Product

x libxfont

x libxfont 1.5.0

Vendor Advisories

libXfont could be made to crash or run programs as an administrator if it opened a specially crafted bdf font file ...
Ilja van Sprundel, Alan Coopersmith and William Robinet discovered multiple issues in libxfont's code to process BDF fonts, which might result in privilege escalation. For the stable distribution (wheezy), these problems have been fixed in version 145-5. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you ...
An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server (CVE-2015-1802). An integer truncation flaw was discovered in the way libXfont pr ...
An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server ...