CVE-2015-1804

Related Files

Red Hat Security Advisory 2015-1708-01

Posted Sep 3, 2015

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1708-01 - The libXfont package provides the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server.

tags | advisory, overflow, arbitrary, local

systems | linux, redhat

advisories | CVE-2015-1802, CVE-2015-1803, CVE-2015-1804

SHA-256 | b4c72f1baca33b69f444c7d54c609270e1c6b3023adf8a3f5b00f5bf23f3c79c

Download | Favorite | View

Gentoo Linux Security Advisory 201507-21

Posted Jul 22, 2015

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201507-21 - Multiple vulnerabilities have been found in libXfont, the worst of which could result in execution of arbitrary code or Denial of Service. Versions less than 1.5.1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2015-1802, CVE-2015-1803, CVE-2015-1804

SHA-256 | d6f33139e8c527bc70c4ea761d7fc2d4631efdbe323f07c4c8c6e913720f3040

Download | Favorite | View

Mandriva Linux Security Advisory 2015-145-1

Posted Mar 31, 2015

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-145 - Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially-crafted data that could cause libXfont to crash, or possibly execute arbitrary code. The bdf parser reads a count for the number of properties defined in a font from the font file, and allocates arrays with entries for each property based on that count. It never checked to see if that count was negative, or large enough to overflow when multiplied by the size of the structures being allocated, and could thus allocate the wrong buffer size, leading to out of bounds writes. If the bdf parser failed to parse the data for the bitmap for any character, it would proceed with an invalid pointer to the bitmap data and later crash when trying to read the bitmap from that pointer. The bdf parser read metrics values as 32-bit integers, but stored them into 16-bit integers. Overflows could occur in various operations leading to out-of-bounds memory access.

tags | advisory, overflow, arbitrary, local

systems | linux, mandriva

advisories | CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2015-1802, CVE-2015-1803, CVE-2015-1804

SHA-256 | a9a42ecd718721d5a11d06c024b5f62812437aee1c473aaf4bd9e04467a32d40

Download | Favorite | View

Mandriva Linux Security Advisory 2015-145

Posted Mar 30, 2015

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-145 - Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially-crafted data that could cause libXfont to crash, or possibly execute arbitrary code. The bdf parser reads a count for the number of properties defined in a font from the font file, and allocates arrays with entries for each property based on that count. It never checked to see if that count was negative, or large enough to overflow when multiplied by the size of the structures being allocated, and could thus allocate the wrong buffer size, leading to out of bounds writes. If the bdf parser failed to parse the data for the bitmap for any character, it would proceed with an invalid pointer to the bitmap data and later crash when trying to read the bitmap from that pointer. The bdf parser read metrics values as 32-bit integers, but stored them into 16-bit integers. Overflows could occur in various operations leading to out-of-bounds memory access.

tags | advisory, overflow, arbitrary, local

systems | linux, mandriva

advisories | CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2015-1802, CVE-2015-1803, CVE-2015-1804

SHA-256 | c03383e7af1d9662fd0fef548bfcc86b6af1db11d7f433937eb5eaede861ebc3

Download | Favorite | View

Ubuntu Security Notice USN-2536-1

Posted Mar 19, 2015

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2536-1 - Ilja van Sprundel, Alan Coopersmith, and William Robinet discovered that libXfont incorrectly handled malformed bdf fonts. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges.

tags | advisory, arbitrary, local

systems | linux, ubuntu

advisories | CVE-2015-1802, CVE-2015-1803, CVE-2015-1804

SHA-256 | fd7e0af1e4d2c41698918683416f3032ef7b2e82e83ac617340a7c68d27299b7

Download | Favorite | View

Debian Security Advisory 3194-1

Posted Mar 18, 2015

Authored by Debian | Site debian.org

Debian Linux Security Advisory 3194-1 - Ilja van Sprundel, Alan Coopersmith and William Robinet discovered multiple issues in libxfont's code to process BDF fonts, which might result in privilege escalation.

tags | advisory

systems | linux, debian

advisories | CVE-2015-1802, CVE-2015-1803, CVE-2015-1804

SHA-256 | 984fd08815ed72c3981453fbe068a7951191d73e4a772b399ba3bb5daa3ac4d3

Download | Favorite | View