CVE-2014-0211 — Improper Handling of Length Parameter Inconsistency in Libxfont
Severity
7.5 HIGH (NVD)
EPSS
2.4%
top 14.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 15
Latest update: May 14
Description
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
CVSS vector
AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4
Affected Packages: 2 packages
Also affects: Ubuntu Linux 10.04, 12.04, 12.10, 13.10, 14.04
🔴 Vulnerability Details (4)
GHSA
GHSA-c656-hcc6-xc8v: Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X (2022-05-14)
CVEList
CVE-2014-0211: Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X (2014-05-15)
OSV
CVE-2014-0211: Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X (2014-05-15)
📋 Vendor Advisories (3)
💬 Community (7)
Bugzilla
CVE-2014-0061 postgresql: privilege escalation via procedural language validator functions (2014-02-14)