CVE-2015-1804
published 2015-03-20

Priority: P345 high
CVSS 2.0: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)
EPSS: 4.96% (91.1th percentile)
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.

Affected

7 ranges
Vendor | Product | Version range | Fixed in
debian | libxfont | < libxfont 1:1.5.1-1 (bookworm) | libxfont 1:1.5.1-1 (bookworm)
x.org | libxfont | >= 0 < 1:1.5.1-1 | 1:1.5.1-1
x.org | libxfont | >= 0 < 1:1.5.1-1 | 1:1.5.1-1
x.org | libxfont | >= 0 < 1:1.5.1-1 | 1:1.5.1-1
x.org | libxfont | >= 0 < 1:1.5.1-1 | 1:1.5.1-1
x | libxfont | <= 1.4.8 |
x | libxfont | |

CVSS provenance

nvd: v2.0, 8.5 HIGH, AV:N/AC:M/Au:S/C:C/I:C/A:C
osv: 8.5 HIGH
vendor_debian: 8.5 HIGH
vendor_redhat: 8.5 HIGH