CVE-2014-0209
Published 2014-05-15
Priority P419 · medium · 4.6 (CVSS 2.0)
AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS 0.44% · 35.5th percentile
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
Affected
32 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | libxfont | < libxfont 1:1.4.7-2 (bookworm) | libxfont 1:1.4.7-2 (bookworm) |
| x.org | libxfont | >= 0 < 1:1.4.7-2 | 1:1.4.7-2 |
| x.org | libxfont | >= 0 < 1:1.4.7-2 | 1:1.4.7-2 |
| x.org | libxfont | >= 0 < 1:1.4.7-2 | 1:1.4.7-2 |
| x.org | libxfont | >= 0 < 1:1.4.7-2 | 1:1.4.7-2 |
| x.org | libxfont | >= 0 < 1:1.4.7-1ubuntu0.1 | 1:1.4.7-1ubuntu0.1 |
| x | libxfont | <= 1.4.7 | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
CVSS provenance
nvd · v2.0 · 4.6 MEDIUM · AV:L/AC:L/Au:N/C:P/I:P/A:P
osv · 4.6 MEDIUM
vendor_debian · 4.6 MEDIUM
vendor_redhat · 4.6 MEDIUM
vendor_ubuntu · 4.6 MEDIUM
GHSA
GHSA-rm8x-6gj9-f66x: Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X
ghsa_unreviewed·2022-05-14
OSV
CVE-2014-0209: Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X
osv·2014-05-15·CVSS 4.6
OSV
libxfont vulnerabilities
osv·2014-05-14·CVSS 4.6
Ilja van Sprundel discovered that libXfont incorrectly handled font
metadata file parsing. A local attacker could use this issue to cause
libXfont to crash, or possibly execute arbitrary code in order to gain
privileges. (CVE-2014-0209)
Ilja van Sprundel discovered that libXfont incorrectly handled X Font
Server replies. A malicious font server could return specially-crafted data
that could cause libXfont to crash, or possibly execute arbitrary code.
This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10
and Ubuntu 13.10. (CVE-2014-0210, CVE-2014-0211)
Ubuntu
libXfont vulnerabilities
vendor_ubuntu·2014-05-14·CVSS 4.6
Title: libXfont vulnerabilities
Summary: Several security issues were fixed in libXfont.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
libXfont: integer overflow of allocations in font metadata file parsing
vendor_redhat·2014-05-13·CVSS 4.6
CVE-2014-0209 [MEDIUM] CWE-190 libXfont: integer overflow of allocations in font metadata file parsing
A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server.
Debian
CVE-2014-0209: libxfont - Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias function...
vendor_debian·2014·CVSS 4.6
Scope: local
bookworm: resolved (fixed in 1:1.4.7-2)
bullseye: resolved (fixed in 1:1.4.7-2)
forky: resolved (fixed in 1:1.4.7-2)
sid: resolved (fixed in 1:1.4.7-2)
trixie: resolved (fixed in 1:1.4.7-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-0211 CVE-2014-0210 CVE-2014-0209 libXfont: various flaws [fedora-all]
bugzilla·2014-05-13·CVSS 4.6
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
NOTE: this issue affects multiple
Bugzilla
CVE-2014-0209 libXfont: integer overflow of allocations in font metadata file parsing
bugzilla·2014-05-12·CVSS 4.6
When a local user who is already authenticated to the X server adds a new directory to the font path, the X server calls libXfont to open the fonts.dir and fonts.alias files in that directory and add entries to the font tables for every line in it. A large file (~2-4 GB) could cause the allocations to overflow, and allow the remaining data read from the file to overwrite other memory in the heap.
Affected functions: FontFileAddEntry(), lexAlias()
Acknowledgements:
Red Hat would like to thank the X.org project for reporting this issue. Upstream acknowledges Ilja van Sprundel as the original reporter of this issue.
Discussion:
Upstream commits:
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?i
References
http://advisories.mageia.org/MGASA-2014-0278.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html
http://lists.x.org/archives/xorg-announce/2014-May/002431.html
http://rhn.redhat.com/errata/RHSA-2014-1893.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://secunia.com/advisories/59154
http://www.debian.org/security/2014/dsa-2927
http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.securityfocus.com/bid/67382
http://www.ubuntu.com/usn/USN-2211-1
http://www.vmware.com/security/advisories/VMSA-2014-0012.html