CVE-2017-13722: Out-of-bounds Read in Libxfont

Severity
7.1 HIGH (NVD)
EPSS
0.1%
top 79.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 11
Latest update: May 17

Description

In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (2 packages)

Debian: x.org/libxfont < 1:2.0.1-4+3
NVD: x.org/libxfont 1.5.2+2

Patches

🔴Vulnerability Details

4
GHSA
GHSA-jv27-9g7q-7pqh: In the pcfGetProperties function in bitmap/pcfread (2022-05-17)
OSV
CVE-2017-13722: In the pcfGetProperties function in bitmap/pcfread (2017-10-11)
CVEList
CVE-2017-13722: In the pcfGetProperties function in bitmap/pcfread (2017-10-11)
OSV
libxfont, libxfont1, libxfont2 vulnerabilities (2017-10-10)

📋Vendor Advisories

3
Ubuntu
libXfont vulnerabilities (2017-10-10)
Red Hat
libXfont: Insufficient input validation in pcfread.c (2017-10-04)
Debian
CVE-2017-13722: libxfont - In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 a... (2017)

💬Community

3
Bugzilla
CVE-2017-13722 libXfont: Insufficient input validation in pcfread.c (2017-10-11)
Bugzilla
CVE-2017-13720 CVE-2017-13722 libXfont: various flaws [fedora-all] (2017-10-11)
Bugzilla
CVE-2017-13720 CVE-2017-13722 libXfont2: various flaws [fedora-all] (2017-10-11)