CVE-2015-1803 — Unchecked Return Value in Libxfont

CWE-252 — Unchecked Return Value CWE-391 — Unchecked Error Condition CWE-476 — NULL Pointer Dereference9 documents8 sources

Severity

8.5HIGHNVD

EPSS

1.7%

top 17.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Libxfont X Libxfont Canonical Ubuntu Linux +1 more

Timeline

PublishedMar 20

Latest updateMay 17

Description

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages2 packages

▶Debianx.org/libxfont< 1:1.5.1-1+3

▶NVDx/libxfont1.4.8+1

Also affects: Debian Linux 7.0, Ubuntu Linux 10.04, 12.04, 14.04, 14.10

🔴Vulnerability Details

GHSA

GHSA-7vwv-c4f9-4xwx: The bdfReadCharacters function in bitmap/bdfread↗2022-05-17

▶

CVEList

CVE-2015-1803: The bdfReadCharacters function in bitmap/bdfread↗2015-03-20

▶

OSV

CVE-2015-1803: The bdfReadCharacters function in bitmap/bdfread↗2015-03-20

▶

📋Vendor Advisories

Ubuntu

libXfont vulnerabilities↗2015-03-18

▶

Red Hat

libXfont: crash on invalid read in bdfReadCharacters↗2015-03-17

▶

Debian

CVE-2015-1803: libxfont - The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4....↗2015

▶

💬Community

Bugzilla

CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters↗2015-03-19

▶

Bugzilla

CVE-2015-1804 CVE-2015-1802 CVE-2015-1803 libXfont: various flaws [fedora-all]↗2015-03-19

▶