Published: 11/10/2017 Updated: 13/11/2017

CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8

VMScore: 320

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

In the pcfGetProperties function in bitmap/pcfread.c in libXfont up to and including 1.5.2 and 2.x prior to 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
x.org libxfont 2.0.0
x.org libxfont 2.0.1
x.org libxfont

Several security issues were fixed in libXfont ...

Two vulnerabilities were found in libXfont, the X11 font rasterisation library, which could result in denial of service or memory disclosure For the oldstable distribution (jessie), these problems have been fixed in version 1:151-1+deb8u1 For the stable distribution (stretch), these problems have been fixed in version 1:201-3+deb9u1 We recom ...

In the pcfGetProperties function in bitmap/pcfreadc in libXfont through 152 and 2x before 202, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server ...

CWE-125 https://www.x.org/releases/individual/lib/libXfont2-2.0.2.tar.bz2 https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd https://bugzilla.redhat.com/show_bug.cgi?id=1500693 https://bugzilla.suse.com/show_bug.cgi?id=1049692 http://www.debian.org/security/2017/dsa-3995 https://security.gentoo.org/glsa/201711-08 https://usn.ubuntu.com/3442-1/https://nvd.nist.gov

CVE-2017-13722

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect