cbcvebase.
CVE-2014-0209
published 2014-05-15

CVE-2014-0209: Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local…

PriorityP419medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.44%
35.5th percentile
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.

Affected

32 ranges· showing 25
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debianlibxfont< libxfont 1:1.4.7-2 (bookworm)libxfont 1:1.4.7-2 (bookworm)
x.orglibxfont>= 0 < 1:1.4.7-21:1.4.7-2
x.orglibxfont>= 0 < 1:1.4.7-21:1.4.7-2
x.orglibxfont>= 0 < 1:1.4.7-21:1.4.7-2
x.orglibxfont>= 0 < 1:1.4.7-21:1.4.7-2
x.orglibxfont>= 0 < 1:1.4.7-1ubuntu0.11:1.4.7-1ubuntu0.1
xlibxfont<= 1.4.7
xlibxfont
xlibxfont
xlibxfont
xlibxfont
xlibxfont
xlibxfont
xlibxfont
xlibxfont
xlibxfont
xlibxfont
xlibxfont
xlibxfont
xlibxfont

CVSS provenance

nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_debian4.6MEDIUM
vendor_redhat4.6MEDIUM
vendor_ubuntu4.6MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.