CVE-2004-0083
Published 2004-03-03
Priority P3 · 43 · critical · 10 (CVSS 2.0)
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 21.18% (97.3th percentile)
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
CVSS provenance
nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat · 10.0 · CRITICAL
GHSA
GHSA-x923-wg49-3cpx: Multiple unknown vulnerabilities in XFree86 4
ghsa_unreviewed·2022-04-29·CVSS 10.0
CVE-2004-0106 [CRITICAL] GHSA-x923-wg49-3cpx: Multiple unknown vulnerabilities in XFree86 4
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
GHSA
GHSA-4642-rff9-864v: Buffer overflow in the ReadFontAlias function in XFree86 4
ghsa_unreviewed·2022-04-29·CVSS 10.0
CVE-2004-0084 [CRITICAL] GHSA-4642-rff9-864v: Buffer overflow in the ReadFontAlias function in XFree86 4
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
GHSA
GHSA-275v-77j5-j2rj: Buffer overflow in ReadFontAlias from dirfile
ghsa_unreviewed·2022-04-29·CVSS 10.0
CVE-2004-0083 [CRITICAL] GHSA-275v-77j5-j2rj: Buffer overflow in ReadFontAlias from dirfile
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
Red Hat
security flaw
vendor_redhat·2004-02-13·CVSS 10.0
CVE-2004-0106 [CRITICAL] security flaw
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
Red Hat
security flaw
vendor_redhat·2004-02-12·CVSS 10.0
CVE-2004-0084 [CRITICAL] security flaw
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
Red Hat
security flaw
vendor_redhat·2004-02-08·CVSS 10.0
CVE-2004-0083 [CRITICAL] security flaw
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
No detection rules found.
Bugzilla
CVE-2004-0083 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2004-0083 [CRITICAL] CVE-2004-0083 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
Bugzilla
CVE-2004-0106 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2004-0106 [CRITICAL] CVE-2004-0106 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
Bugzilla
CVE-2004-0084 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2004-0084 [CRITICAL] CVE-2004-0084 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
Bugzilla
CAN-2004-0083 XFree86 font.alias overflow
bugzilla·2004-02-04
[MEDIUM] CAN-2004-0083 XFree86 font.alias overflow
Reported to Red Hat by XFree86 on 2004Feb03 via
iDefense.
A malicious user may craft a malformed 'font.alias' file causing a
buffer overflow upon parsing, which could lead to execution of
arbitrary code as root on the server.
Embargoed. No date for public notification set; CVE applied for.
Patch available. Last update was RHSA-2003:289. Will be backported
to 4.1.0. Errata in progress.
Discussion:
CAN-2004-0083, embargo lifts on Feb11
---
Subsequently, iDefense found another issue in the same routine with
the same consequences which has been given CVE name CAN-2004-0083.
Additionally David Dawes discovered additional flaws in reading font
files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-
Bugzilla
CAN-2004-0083, CAN-2004-0084, CAN-2004-0106 - XFree86 font.alias buffer overflow
bugzilla·2004-02-04
[MEDIUM] CAN-2004-0083, CAN-2004-0084, CAN-2004-0106 - XFree86 font.alias buffer overflow
Reported to Red Hat by XFree86 on 2004Feb03 via
iDefense.
A malicious user may craft a malformed 'font.alias' file causing a
buffer overflow upon parsing, which could lead to execution of
arbitrary code as root on the server.
Embargoed. No date for public notification set; CVE applied for.
Patch available. Errata in progress.
Discussion:
http://bugzilla.redhat.com/bugzilla/process_bug.cgi
---
XFree86-4.3.0-49 built for Fedora Core 1 now
---
Subsequently, iDefense found another issue in the same routine with
the same consequences which has been given CVE name CAN-2004-0083.
Additionally David Dawes discovered additional flaws in reading font
files. The Common Vulnerabilities and Exposures project
(cv