Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в libXfont
Опубликовано:15 мая 2014 г.
Источник:
SecurityVulns ID:13772
Тип:библиотека
Уровень опасности:
6/10
Описание:DoS, повреждение памяти.
Затронутые продукты:LIBXFONT : libXfont 1.4
CVE:CVE-2014-0211 (Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.)
 CVE-2014-0210 (Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.)
 CVE-2014-0209 (Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.)
Оригинальный текстdocumentAlan Coopersmith, [oss-security] Fwd: [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont (15.05.2014)
 documentUBUNTU, [USN-2211-1] libXfont vulnerabilities (15.05.2014)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород