CVE-2013-6462 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libxfont

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121 — Stack-based Buffer Overflow9 documents8 sources

Severity

9.3CRITICALNVD

EPSS

12.0%

top 6.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Libxfont X Libxfont

Timeline

PublishedJan 9

Latest updateMay 17

Description

Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶Debianx.org/libxfont< 1:1.4.7-1+3

▶NVDx/libxfont23 versions+22

Patches

Patch: cgit.freedesktop.org ↗Patch: cgit.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-7vj8-7ww8-h9v6: Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread↗2022-05-17

▶

OSV

CVE-2013-6462: Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread↗2014-01-09

▶

CVEList

CVE-2013-6462: Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread↗2014-01-09

▶

📋Vendor Advisories

Ubuntu

libXfont vulnerability↗2014-01-07

▶

Red Hat

libXfont: stack-based buffer overflow flaw when parsing Glyph Bitmap Distribution Format (BDF) fonts↗2014-01-07

▶

Debian

CVE-2013-6462: libxfont - Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread....↗2013

▶

💬Community

Bugzilla

CVE-2013-6462 libXfont: stack-based buffer overflow flaw when parsing Glyph Bitmap Distribution Format (BDF) fonts [fedora-all]↗2014-01-07

▶

Bugzilla

CVE-2013-6462 libXfont: stack-based buffer overflow flaw when parsing Glyph Bitmap Distribution Format (BDF) fonts↗2014-01-03

▶