CVE-2014-0209 — Integer Overflow or Wraparound in Libxfont

CWE-189 CWE-190 — Integer Overflow or Wraparound10 documents8 sources

Severity

4.6MEDIUMNVD

EPSS

0.2%

top 61.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Libxfont X Libxfont Canonical Ubuntu Linux

Timeline

PublishedMay 15

Latest updateMay 14

Description

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

▶Debianx.org/libxfont< 1:1.4.7-2+3

▶Ubuntux.org/libxfont< 1:1.4.7-1ubuntu0.1

▶NVDx/libxfont1.4.7+20

Also affects: Ubuntu Linux 10.04, 12.04, 12.10, 13.10, 14.04

🔴Vulnerability Details

GHSA

GHSA-rm8x-6gj9-f66x: Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X↗2022-05-14

▶

OSV

CVE-2014-0209: Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X↗2014-05-15

▶

CVEList

CVE-2014-0209: Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X↗2014-05-15

▶

OSV

libxfont vulnerabilities↗2014-05-14

▶

📋Vendor Advisories

Ubuntu

libXfont vulnerabilities↗2014-05-14

▶

Red Hat

libXfont: integer overflow of allocations in font metadata file parsing↗2014-05-13

▶

Debian

CVE-2014-0209: libxfont - Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias function...↗2014

▶

💬Community

Bugzilla

CVE-2014-0211 CVE-2014-0210 CVE-2014-0209 libXfont: various flaws [fedora-all]↗2014-05-13

▶

Bugzilla

CVE-2014-0209 libXfont: integer overflow of allocations in font metadata file parsing↗2014-05-12

▶