CVE-2014-0210: Improper Restriction of Operations within the Bounds of a Memory Buffer in Libxfont

Severity: 7.5 HIGH (NVD)
EPSS: 2.1% (top 15.89%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 15; latest update May 14

Description

Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (2 packages)

Debian: x.org/libxfont < 1:1.4.7-2+3
NVD: x/libxfont 1.4.7+20

Also affects: Ubuntu Linux 10.04, 12.04, 12.10, 13.10, 14.04

🔴 Vulnerability Details (4)

GHSA: GHSA-j6x2-5mpm-9564: Multiple buffer overflows in X (2022-05-14)
CVEList: CVE-2014-0210: Multiple buffer overflows in X (2014-05-15)
OSV: CVE-2014-0210: Multiple buffer overflows in X (2014-05-15)
OSV: libxfont vulnerabilities (2014-05-14)

📋 Vendor Advisories (3)

Ubuntu: libXfont vulnerabilities (2014-05-14)
Red Hat: libXfont: unvalidated length fields when parsing xfs protocol replies (2014-05-13)
Debian: CVE-2014-0210: libxfont - Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.9... (2014)

💬 Community (2)

Bugzilla: CVE-2014-0211 CVE-2014-0210 CVE-2014-0209 libXfont: various flaws [fedora-all] (2014-05-13)
Bugzilla: CVE-2014-0210 libXfont: unvalidated length fields when parsing xfs protocol replies (2014-05-12)