CVE-2014-0211
published 2014-05-15
Priority P340 · high · 7.5 (CVSS 2.0), vector AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 4.36% (90.0th percentile)
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
Affected
32 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | libxfont | < libxfont 1:1.4.7-2 (bookworm) | libxfont 1:1.4.7-2 (bookworm) |
| x.org | libxfont | >= 0 < 1:1.4.7-2 | 1:1.4.7-2 |
| x.org | libxfont | >= 0 < 1:1.4.7-2 | 1:1.4.7-2 |
| x.org | libxfont | >= 0 < 1:1.4.7-2 | 1:1.4.7-2 |
| x.org | libxfont | >= 0 < 1:1.4.7-2 | 1:1.4.7-2 |
| x.org | libxfont | >= 0 < 1:1.4.7-1ubuntu0.1 | 1:1.4.7-1ubuntu0.1 |
| x | libxfont | <= 1.4.7 | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
| x | libxfont | — | — |
CVSS provenance
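| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | LOW | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 4.6 | MEDIUM | — |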
GHSA
GHSA-c656-hcc6-xc8v: Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X
ghsa_unreviewed·2022-05-14
CVE-2014-0211 [HIGH] GHSA-c656-hcc6-xc8v: Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
OSV
CVE-2014-0211: Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X
osv·2014-05-15·CVSS 7.5
CVE-2014-0211 [HIGH] CVE-2014-0211: Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
OSV
libxfont vulnerabilities
osv·2014-05-14·CVSS 4.6
CVE-2014-0209 [MEDIUM] libxfont vulnerabilities
Ilja van Sprundel discovered that libXfont incorrectly handled font
metadata file parsing. A local attacker could use this issue to cause
libXfont to crash, or possibly execute arbitrary code in order to gain
privileges. (CVE-2014-0209)
Ilja van Sprundel discovered that libXfont incorrectly handled X Font
Server replies. A malicious font server could return specially-crafted data
that could cause libXfont to crash, or possibly execute arbitrary code.
This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10
and Ubuntu 13.10. (CVE-2014-0210, CVE-2014-0211)
Ubuntu
libXfont vulnerabilities
vendor_ubuntu·2014-05-14·CVSS 4.6
CVE-2014-0209 [MEDIUM] libXfont vulnerabilities
Title: libXfont vulnerabilities
Summary: Several security issues were fixed in libXfont.
Ilja van Sprundel discovered that libXfont incorrectly handled font
metadata file parsing. A local attacker could use this issue to cause
libXfont to crash, or possibly execute arbitrary code in order to gain
privileges. (CVE-2014-0209)
Ilja van Sprundel discovered that libXfont incorrectly handled X Font
Server replies. A malicious font server could return specially-crafted data
that could cause libXfont to crash, or possibly execute arbitrary code.
This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10
and Ubuntu 13.10. (CVE-2014-0210, CVE-2014-0211)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
libXfont: integer overflows calculating memory needs for xfs replies
vendor_redhat·2014-05-13·CVSS 7.5
CVE-2014-0211 [HIGH] CWE-130 libXfont: integer overflows calculating memory needs for xfs replies
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server.
Debian
CVE-2014-0211: libxfont - Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3)...
vendor_debian·2014·CVSS 7.5
CVE-2014-0211 [HIGH] CVE-2014-0211: libxfont - Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3)...
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
Scope: local
bookworm: resolved (fixed in 1:1.4.7-2)
bullseye: resolved (fixed in 1:1.4.7-2)
forky: resolved (fixed in 1:1.4.7-2)
sid: resolved (fixed in 1:1.4.7-2)
trixie: resolved (fixed in 1:1.4.7-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-0211 CVE-2014-0210 CVE-2014-0209 libXfont: various flaws [fedora-all]
bugzilla·2014-05-13·CVSS 4.6
CVE-2014-0211 [MEDIUM] CVE-2014-0211 CVE-2014-0210 CVE-2014-0209 libXfont: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
NOTE: this issue affects multiple
Bugzilla
CVE-2014-0211 libXfont: integer overflows calculating memory needs for xfs replies
bugzilla·2014-05-12·CVSS 7.5
CVE-2014-0211 [HIGH] CVE-2014-0211 libXfont: integer overflows calculating memory needs for xfs replies
When parsing replies received from the font server, these calls do not check that their calculations for how much memory is needed to handle the returned data have not overflowed, so can result in allocating too little memory and then writing the returned data past the end of the allocated buffer.
Affected functions: fs_get_reply(), fs_alloc_glyphs(),
fs_read_extent_info()
Acknowledgements:
Red Hat would like to thank the X.org project for reporting this issue. Upstream acknowledges Ilja van Sprundel as the original reporter of this issue.
Discussion:
Upstream commits:
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=a42f707f8a62973f5e8bbcd08afb10a79e9cee33
http://cgit.freedesktop.org/xorg/li
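The failure mode described in the Bugzilla entry above, a size calculation on a server-supplied count that wraps and yields an undersized allocation, shown beside a checked version. This is an added example, not libXfont code or the upstream patch; the 12-byte record size, the function names and the sample count are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed wire size of one per-glyph record; a stand-in, not libXfont's layout. */
#define EXTENT_BYTES 12u

/* Vulnerable pattern: 32-bit multiply on a server-supplied count wraps silently. */
static uint32_t unchecked_size(uint32_t count) {
    return count * EXTENT_BYTES;
}

/* Bytes a per-record copy loop would write beyond an unchecked_size() buffer. */
static uint64_t overrun_bytes(uint32_t count) {
    return (uint64_t)count * EXTENT_BYTES - unchecked_size(count);
}

/* Hardened pattern: reject counts that overflow the size type or that claim
 * more records than the reply actually carried. Returns 0 and sets *need. */
static int checked_size(uint32_t count, uint32_t reply_bytes, uint32_t *need) {
    if (count > UINT32_MAX / EXTENT_BYTES)
        return -1;                      /* multiplication would wrap */
    if (count * EXTENT_BYTES > reply_bytes)
        return -1;                      /* count not backed by received data */
    *need = count * EXTENT_BYTES;
    return 0;
}

/* Allocate only after the size has been validated; NULL means "drop reply". */
static void *alloc_extents(uint32_t count, uint32_t reply_bytes) {
    uint32_t need;
    if (count == 0 || checked_size(count, reply_bytes, &need) != 0)
        return NULL;
    return calloc(1, need);
}

int main(void) {
    uint32_t hostile = 0x15555556u;     /* constructed: 12 * count = 2^32 + 8 */
    printf("unchecked size: %u bytes, overrun: %llu bytes\n",
           unchecked_size(hostile), (unsigned long long)overrun_bytes(hostile));
    void *ok = alloc_extents(4, 48);
    printf("honest reply accepted: %s, hostile rejected: %s\n",
           ok ? "yes" : "no", alloc_extents(hostile, 64) ? "no" : "yes");
    free(ok);
    return 0;
}
```

The second test in `checked_size` matters as much as the overflow test: a count that does not wrap but exceeds the bytes actually received still has to be rejected before any copy.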
Bugzilla
CVE-2014-0061 postgresql: privilege escalation via procedural language validator functions
bugzilla·2014-02-14·CVSS 6.5
CVE-2014-0061 [MEDIUM] CVE-2014-0061 postgresql: privilege escalation via procedural language validator functions
It was found that the procedural language (PLs) validator functions could possibly be leveraged for limited code execution. An authenticated database user could possibly use this flaw to escalate their privileges.
Acknowledgements:
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Andres Freund as the original reporter.
Discussion:
This is now public:
https://github.com/postgres/postgres/commit/537cbd35c893e67a63c59bc636c3e888bd228bc7
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Via RHSA-2014:0211 https://rhn.redhat.com/errata/RHSA-2014-0211.html
---
This issue has been addre
Bugzilla
CVE-2014-0066 postgresql: NULL pointer dereference
bugzilla·2014-02-14·CVSS 6.5
CVE-2014-0066 [MEDIUM] CVE-2014-0066 postgresql: NULL pointer dereference
It was found that the chkpass extension did not check the result of a call to crypt(). An authenticated database user could possibly trigger this flaw and cause PostgreSQL to crash.
Acknowledgements:
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Honza Horak and Bruce Momjian as the original reporters.
Discussion:
This is now public, although unfortunately it looks like it has two CVEs fixed in one patch (CVE-2014-0065 for buffer overruns, CVE-2014-0066 for crypt())
https://github.com/postgres/postgres/commit/01824385aead50e557ca1af28640460fa9877d51
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Via RHSA-2014:0211 h
Bugzilla
CVE-2014-0064 postgresql: integer overflows leading to buffer overflows
bugzilla·2014-02-14·CVSS 6.5
CVE-2014-0064 [MEDIUM] CVE-2014-0064 postgresql: integer overflows leading to buffer overflows
Multiple integer overflow flaws, leading to buffer overflows, were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash the PostgreSQL server or execute arbitrary code.
Acknowledgements:
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Heikki Linnakangas and Noah Misch as the original reporters.
Discussion:
This is now public:
https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Via RHSA-2014:0211 https://rhn.redhat.com/errata/RHSA-2014-0211.html
---
This issue has been addressed
Bugzilla
CVE-2014-0060 postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
bugzilla·2014-02-14·CVSS 4.0
CVE-2014-0060 [MEDIUM] CVE-2014-0060 postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
Previously, granting an SQL role without ADMIN OPTION allowed the grantee to remove other users from the granted role.
Acknowledgements:
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original reporter.
Discussion:
This is now public:
https://github.com/postgres/postgres/commit/fea164a72a7bfd50d77ba5fb418d357f8f2bb7d0
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Via RHSA-2014:0211 https://rhn.redhat.com/errata/RHSA-2014-0211.html
---
This issue has been addressed in following products:
Red Hat Software Collections for RHEL-6
Via RHSA-2014:0221 htt
Bugzilla
CVE-2014-0063 postgresql: stack-based buffer overflow in datetime input/output
bugzilla·2014-02-14·CVSS 6.5
CVE-2014-0063 [MEDIUM] CVE-2014-0063 postgresql: stack-based buffer overflow in datetime input/output
It was found that the buffers used to hold datetime output were too small. Long output could lead to a stack-based buffer overflow, possibly allowing an authenticated database user to crash the PostgreSQL server or execute arbitrary code.
Acknowledgements:
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original reporter.
Discussion:
This is now public:
https://github.com/postgres/postgres/commit/4318daecc959886d001a6e79c6ea853e8b1dfb4b
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Via RHSA-2014:0211 https://rhn.redhat.com/errata/RHSA-2014-0211.html
---
This issue has
http://advisories.mageia.org/MGASA-2014-0278.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html
http://lists.x.org/archives/xorg-announce/2014-May/002431.html
http://rhn.redhat.com/errata/RHSA-2014-1893.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://secunia.com/advisories/59154
http://www.debian.org/security/2014/dsa-2927
http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.securityfocus.com/bid/67382
http://www.ubuntu.com/usn/USN-2211-1
http://www.vmware.com/security/advisories/VMSA-2014-0012.html