Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0084Improper Restriction of Operations within the Bounds of a Memory Buffer in Project X11r6

11 documents6 sources
Severity
10.0CRITICALNVD
EPSS
16.3%
top 5.16%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
OpenbsdXfree86 Project X11r6
Timeline
PublishedMar 3
Latest updateApr 29

Description

Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDxfree86_project/x11r66 versions+5
NVDopenbsd/openbsd3.3, 3.4+1

Patches

Patch: www.redhat.comPatch: www.redhat.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-4642-rff9-864v: Buffer overflow in the ReadFontAlias function in XFree86 42022-04-29
CVEList
CVE-2004-0084: Buffer overflow in the ReadFontAlias function in XFree86 42004-02-14

💥Exploits & PoCs

1
Exploit-DB
XFree86 4.x - CopyISOLatin1Lowered Font_Name Buffer Overflow2004-02-12

📋Vendor Advisories

3
Red Hat
security flaw2004-02-13
Red Hat
security flaw2004-02-12
Red Hat
security flaw2004-02-08

💬Community

4
Bugzilla
CVE-2004-0083 security flaw2018-08-16
Bugzilla
CVE-2004-0106 security flaw2018-08-16
Bugzilla
CVE-2004-0084 security flaw2018-08-16
Bugzilla
CAN-2004-0083, CAN-2004-0084, CAN-2004-0106 - XFree86 font.alias buffer overflow2004-02-04
CVE-2004-0084 — Xfree86 Project X11r6 vulnerability | cvebase