ID CVE-2015-1804
Summary The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.
References
Vulnerable Configurations
  • cpe:2.3:a:x:libxfont:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:x:libxfont:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:x:libxfont:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
CVSS
Base: 8.5 (as of 31-12-2016 - 02:59)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:S/C:C/I:C/A:C
redhat via4
advisories
bugzilla
id 1203719
title CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment libXfont is earlier than 0:1.4.5-5.el6_7
          oval oval:com.redhat.rhsa:tst:20151708001
        • comment libXfont is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111154002
      • AND
        • comment libXfont-devel is earlier than 0:1.4.5-5.el6_7
          oval oval:com.redhat.rhsa:tst:20151708003
        • comment libXfont-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111154004
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment libXfont is earlier than 0:1.4.7-3.el7_1
          oval oval:com.redhat.rhsa:tst:20151708006
        • comment libXfont is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111154002
      • AND
        • comment libXfont-devel is earlier than 0:1.4.7-3.el7_1
          oval oval:com.redhat.rhsa:tst:20151708007
        • comment libXfont-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111154004
rhsa
id RHSA-2015:1708
released 2015-09-03
severity Important
title RHSA-2015:1708: libXfont security update (Important)
rpms
  • libXfont-0:1.4.5-5.el6_7
  • libXfont-0:1.4.7-3.ael7b_1
  • libXfont-0:1.4.7-3.el7_1
  • libXfont-debuginfo-0:1.4.5-5.el6_7
  • libXfont-debuginfo-0:1.4.7-3.ael7b_1
  • libXfont-debuginfo-0:1.4.7-3.el7_1
  • libXfont-devel-0:1.4.5-5.el6_7
  • libXfont-devel-0:1.4.7-3.ael7b_1
  • libXfont-devel-0:1.4.7-3.el7_1
refmap via4
bid 73279
confirm
debian DSA-3194
fedora
  • FEDORA-2015-4199
  • FEDORA-2015-4230
gentoo GLSA-201507-21
mandriva MDVSA-2015:145
misc http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/
sectrack 1031935
suse
  • SUSE-SU-2015:0674
  • SUSE-SU-2015:0702
  • openSUSE-SU-2015:0614
  • openSUSE-SU-2015:2300
ubuntu USN-2536-1
Last major update 31-12-2016 - 02:59
Published 20-03-2015 - 14:59
Last modified 31-12-2016 - 02:59
Back to Top