ID CVE-2014-0211
Summary Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
References
Vulnerable Configurations
  • Canonical Ubuntu Linux 10.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts
  • Canonical Ubuntu Linux 12.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts
  • Canonical Ubuntu Linux 12.10
    cpe:2.3:o:canonical:ubuntu_linux:12.10
  • Canonical Ubuntu Linux 13.10
    cpe:2.3:o:canonical:ubuntu_linux:13.10
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • X.Org LibXFont 1.2.3
    cpe:2.3:a:x:libxfont:1.2.3
  • X.Org LibXFont 1.2.4
    cpe:2.3:a:x:libxfont:1.2.4
  • X.Org LibXFont 1.2.5
    cpe:2.3:a:x:libxfont:1.2.5
  • X.Org LibXFont 1.2.6
    cpe:2.3:a:x:libxfont:1.2.6
  • X.Org LibXFont 1.2.7
    cpe:2.3:a:x:libxfont:1.2.7
  • X.Org LibXFont 1.2.8
    cpe:2.3:a:x:libxfont:1.2.8
  • X.Org LibXFont 1.2.9
    cpe:2.3:a:x:libxfont:1.2.9
  • X.Org LibXFont 1.3.0
    cpe:2.3:a:x:libxfont:1.3.0
  • X.Org LibXFont 1.3.1
    cpe:2.3:a:x:libxfont:1.3.1
  • X.Org LibXFont 1.3.2
    cpe:2.3:a:x:libxfont:1.3.2
  • X.Org LibXFont 1.3.3
    cpe:2.3:a:x:libxfont:1.3.3
  • X.Org LibXFont 1.3.4
    cpe:2.3:a:x:libxfont:1.3.4
  • X.Org LibXFont 1.4.0
    cpe:2.3:a:x:libxfont:1.4.0
  • X.Org LibXFont 1.4.1
    cpe:2.3:a:x:libxfont:1.4.1
  • X.Org LibXFont 1.4.2
    cpe:2.3:a:x:libxfont:1.4.2
  • X.Org LibXFont 1.4.3
    cpe:2.3:a:x:libxfont:1.4.3
  • X.Org LibXFont 1.4.4
    cpe:2.3:a:x:libxfont:1.4.4
  • X.Org LibXFont 1.4.5
    cpe:2.3:a:x:libxfont:1.4.5
  • X.Org LibXFont 1.4.6
    cpe:2.3:a:x:libxfont:1.4.6
  • X.Org LibXFont 1.4.7
    cpe:2.3:a:x:libxfont:1.4.7
  • X.Org LibXFont 1.4.99
    cpe:2.3:a:x:libxfont:1.4.99
CVSS
Base: 7.5 (as of 16-05-2014 - 10:00)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-145.NASL
    description Updated libxfont packages fix security vulnerabilities : Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges (CVE-2014-0209). Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially crafted data that could cause libXfont to crash, or possibly execute arbitrary code (CVE-2014-0210, CVE-2014-0211). The bdf parser reads a count for the number of properties defined in a font from the font file, and allocates arrays with entries for each property based on that count. It never checked to see if that count was negative, or large enough to overflow when multiplied by the size of the structures being allocated, and could thus allocate the wrong buffer size, leading to out of bounds writes (CVE-2015-1802). If the bdf parser failed to parse the data for the bitmap for any character, it would proceed with an invalid pointer to the bitmap data and later crash when trying to read the bitmap from that pointer (CVE-2015-1803). The bdf parser read metrics values as 32-bit integers, but stored them into 16-bit integers. Overflows could occur in various operations leading to out-of-bounds memory access (CVE-2015-1804).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 82398
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82398
    title Mandriva Linux Security Advisory : libxfont (MDVSA-2015:145-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1893.NASL
    description From Red Hat Security Advisory 2014:1893 : Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 79424
    published 2014-11-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79424
    title Oracle Linux 5 : libXfont (ELSA-2014-1893)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_XORG_20141107_2.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata. (CVE-2014-0209) - Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. (CVE-2014-0210) - Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. (CVE-2014-0211)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80823
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80823
    title Oracle Solaris Third-Party Patch Update : xorg (multiple_vulnerabilities_in_x_org2)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2927.NASL
    description Ilja van Sprundel of IOActive discovered several security issues in the X.Org libXfont library, which may allow a local, authenticated user to attempt to raise privileges; or a remote attacker who can control the font server to attempt to execute code with the privileges of the X server. - CVE-2014-0209 Integer overflow of allocations in font metadata file parsing could allow a local user who is already authenticated to the X server to overwrite other memory in the heap. - CVE-2014-0210 libxfont does not validate length fields when parsing xfs protocol replies allowing to write past the bounds of allocated memory when storing the returned data from the font server. - CVE-2014-0211 Integer overflows calculating memory needs for xfs replies could result in allocating too little memory and then writing the returned data from the font server past the end of the allocated buffer.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 73997
    published 2014-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73997
    title Debian DSA-2927-1 : libxfont - security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_XORG-X11-DEVEL-140515.NASL
    description xorg-x11-libs was patched to fix the following security issues : - Integer overflow of allocations in font metadata file parsing. (CVE-2014-0209) - libxfont not validating length fields when parsing xfs protocol replies. (CVE-2014-0210) - Integer overflows causing miscalculating memory needs for xfs replies. (CVE-2014-0211) Further information is available at http://lists.x.org/archives/xorg-announce/2014-May/002431.html.
    last seen 2019-02-21
    modified 2014-06-11
    plugin id 74463
    published 2014-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74463
    title SuSE 11.3 Security Update : xorg-x11-libs (SAT Patch Number 9272)
  • NASL family Misc.
    NASL id ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2014_CPU.NASL
    description The remote host has a version of Oracle Secure Global Desktop that is version 4.63, 4.71, 5.0 or 5.1. It is, therefore, affected by the following vulnerabilities : - Apache Tomcat does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks. (CVE-2013-4286) - CoyoteAdapter.java in Apache Tomcat does not consider the 'disableURLRewriting' setting when handling session ID in a URL, allowing a remote attacker to conduct session fixation attacks via a crafted URL. (CVE-2014-0033) - The 'log_cookie' function in mod_log_config.c of Apache will not handle specially crafted cookies during truncation, allowing a remote attacker to cause a denial of service via a segmentation fault. (CVE-2014-0098) - Multiple integer overflows within X.Org libXfont that could allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. (CVE-2014-0211) - OpenSSL does not properly restrict processing of 'ChangeCipherSpec' messages which allows man-in-the-middle attackers to trigger use of a zero-length master key and consequently hijack sessions or obtain sensitive information via a crafted TLS handshake. (CVE-2014-0224) - An unspecified flaw related to the Workspace Web Application subcomponent could allow a remote attacker to impact integrity. (CVE-2014-4232)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 76570
    published 2014-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76570
    title Oracle Secure Global Desktop Multiple Vulnerabilities (July 2014 CPU)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0080.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2014-0209: integer overflow of allocations in font metadata file parsing (bug 1163602, bug 1163601) - CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies (bug 1163602, bug 1163601) - CVE-2014-0211: integer overflows calculating memory needs for xfs replies (bug 1163602, bug 1163601) - CVE-2013-6462.patch: sscanf overflow (bug 1049684) - sscanf-hardening.patch: Some other sscanf hardening fixes (1049684)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79557
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79557
    title OracleVM 3.3 : libXfont (OVMSA-2014-0080)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1870.NASL
    description Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79327
    published 2014-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79327
    title RHEL 6 / 7 : libXfont (RHSA-2014:1870)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1870.NASL
    description From Red Hat Security Advisory 2014:1870 : Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 79371
    published 2014-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79371
    title Oracle Linux 6 / 7 : libXfont (ELSA-2014-1870)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_B060EE50DABA11E399F2BCAEC565249C.NASL
    description Alan Coopersmith reports : Ilja van Sprundel, a security researcher with IOActive, has discovered several issues in the way the libXfont library handles the responses it receives from xfs servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. Most of these issues stem from libXfont trusting the font server to send valid protocol data, and not verifying that the values will not overflow or cause other damage. This code is commonly called from the X server when an X Font Server is active in the font path, so may be running in a setuid-root process depending on the X server in use. Exploits of this path could be used by a local, authenticated user to attempt to raise privileges; or by a remote attacker who can control the font server to attempt to execute code with the privileges of the X server.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 74004
    published 2014-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74004
    title FreeBSD : libXfont -- X Font Service Protocol and Font metadata file handling issues (b060ee50-daba-11e3-99f2-bcaec565249c)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-404.NASL
    description Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 78347
    published 2014-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78347
    title Amazon Linux AMI : libXfont (ALAS-2014-404)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20141124_LIBXFONT_ON_SL5_X.NASL
    description A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) All running X.Org server instances must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 79427
    published 2014-11-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79427
    title Scientific Linux Security Update : libXfont on SL5.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2211-1.NASL
    description Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. (CVE-2014-0209) Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially crafted data that could cause libXfont to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (CVE-2014-0210, CVE-2014-0211). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 74022
    published 2014-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74022
    title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : libxfont vulnerabilities (USN-2211-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-391.NASL
    description libxfont was updated to fix multiple vulnerabilities : - Integer overflow of allocations in font metadata file parsing (CVE-2014-0209). - Unvalidated length fields when parsing xfs protocol replies (CVE-2014-0210). - Integer overflows calculating memory needs for xfs replies (CVE-2014-0211). These vulnerabilities could be used by a local, authenticated user to raise privileges or by a remote attacker with control of the font server to execute code with the privileges of the X server.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75371
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75371
    title openSUSE Security Update : libXfont (openSUSE-SU-2014:0711-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201406-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-201406-11 (libXfont: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libXfont. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could use a specially crafted file to gain privileges, cause a Denial of Service condition or possibly execute arbitrary code with the privileges of the process. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 82003
    published 2015-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82003
    title GLSA-201406-11 : libXfont: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-132.NASL
    description Updated libxfont packages fix security vulnerabilities : Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges (CVE-2014-0209). Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially crafted data that could cause libXfont to crash, or possibly execute arbitrary code (CVE-2014-0210, CVE-2014-0211).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 76440
    published 2014-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76440
    title Mandriva Linux Security Advisory : libxfont (MDVSA-2014:132)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1870.NASL
    description Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79313
    published 2014-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79313
    title CentOS 6 / 7 : libXfont (CESA-2014:1870)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1893.NASL
    description Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79563
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79563
    title CentOS 5 : libXfont (CESA-2014:1893)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20141118_LIBXFONT_ON_SL6_X.NASL
    description A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) All running X.Org server instances must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 79330
    published 2014-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79330
    title Scientific Linux Security Update : libXfont on SL6.x, SL7.x i386/srpm/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-8208.NASL
    description - libXfont 1.4.8 (rhbz#1100441) - Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (rhbz#1097397) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 76514
    published 2014-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76514
    title Fedora 20 : libXfont-1.4.8-1.fc20 (2014-8208)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-8223.NASL
    description - libXfont 1.4.8 (rhbz#1100441) - Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (rhbz#1097397) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 76693
    published 2014-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76693
    title Fedora 19 : libXfont-1.4.8-1.fc19 (2014-8223)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1893.NASL
    description Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79425
    published 2014-11-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79425
    title RHEL 5 : libXfont (RHSA-2014:1893)
redhat via4
advisories
  • bugzilla
    id 1096601
    title CVE-2014-0211 libXfont: integer overflows calculating memory needs for xfs replies
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhba:tst:20150364001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhba:tst:20150364002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhba:tst:20150364003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20150364004
      • OR
        • AND
          • comment libXfont is earlier than 0:1.4.7-2.el7_0
            oval oval:com.redhat.rhsa:tst:20141870005
          • comment libXfont is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111154006
        • AND
          • comment libXfont-devel is earlier than 0:1.4.7-2.el7_0
            oval oval:com.redhat.rhsa:tst:20141870007
          • comment libXfont-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111154008
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment libXfont is earlier than 0:1.4.5-4.el6_6
            oval oval:com.redhat.rhsa:tst:20141870013
          • comment libXfont is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111154006
        • AND
          • comment libXfont-devel is earlier than 0:1.4.5-4.el6_6
            oval oval:com.redhat.rhsa:tst:20141870014
          • comment libXfont-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111154008
    rhsa
    id RHSA-2014:1870
    released 2014-11-18
    severity Important
    title RHSA-2014:1870: libXfont security update (Important)
  • bugzilla
    id 1096601
    title CVE-2014-0211 libXfont: integer overflows calculating memory needs for xfs replies
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment libXfont is earlier than 0:1.2.2-1.0.6.el5_11
          oval oval:com.redhat.rhsa:tst:20141893002
        • comment libXfont is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070132003
      • AND
        • comment libXfont-devel is earlier than 0:1.2.2-1.0.6.el5_11
          oval oval:com.redhat.rhsa:tst:20141893004
        • comment libXfont-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070132005
    rhsa
    id RHSA-2014:1893
    released 2014-11-24
    severity Important
    title RHSA-2014:1893: libXfont security update (Important)
rpms
  • libXfont-0:1.4.7-2.el7_0
  • libXfont-devel-0:1.4.7-2.el7_0
  • libXfont-0:1.4.5-4.el6_6
  • libXfont-devel-0:1.4.5-4.el6_6
  • libXfont-0:1.2.2-1.0.6.el5_11
  • libXfont-devel-0:1.2.2-1.0.6.el5_11
refmap via4
bid 67382
bugtraq 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
confirm
debian DSA-2927
fulldisc 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
mandriva MDVSA-2015:145
mlist [xorg-announce] 20140513 [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont
secunia 59154
suse openSUSE-SU-2014:0711
ubuntu USN-2211-1
Last major update 06-01-2017 - 21:59
Published 15-05-2014 - 10:55
Last modified 09-10-2018 - 15:38