what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2015-1804

Status Candidate

Overview

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.

Related Files

Red Hat Security Advisory 2015-1708-01
Posted Sep 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1708-01 - The libXfont package provides the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server.

tags | advisory, overflow, arbitrary, local
systems | linux, redhat
advisories | CVE-2015-1802, CVE-2015-1803, CVE-2015-1804
SHA-256 | b4c72f1baca33b69f444c7d54c609270e1c6b3023adf8a3f5b00f5bf23f3c79c
Gentoo Linux Security Advisory 201507-21
Posted Jul 22, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201507-21 - Multiple vulnerabilities have been found in libXfont, the worst of which could result in execution of arbitrary code or Denial of Service. Versions less than 1.5.1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-1802, CVE-2015-1803, CVE-2015-1804
SHA-256 | d6f33139e8c527bc70c4ea761d7fc2d4631efdbe323f07c4c8c6e913720f3040
Mandriva Linux Security Advisory 2015-145-1
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-145 - Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially-crafted data that could cause libXfont to crash, or possibly execute arbitrary code. The bdf parser reads a count for the number of properties defined in a font from the font file, and allocates arrays with entries for each property based on that count. It never checked to see if that count was negative, or large enough to overflow when multiplied by the size of the structures being allocated, and could thus allocate the wrong buffer size, leading to out of bounds writes. If the bdf parser failed to parse the data for the bitmap for any character, it would proceed with an invalid pointer to the bitmap data and later crash when trying to read the bitmap from that pointer. The bdf parser read metrics values as 32-bit integers, but stored them into 16-bit integers. Overflows could occur in various operations leading to out-of-bounds memory access.

tags | advisory, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2015-1802, CVE-2015-1803, CVE-2015-1804
SHA-256 | a9a42ecd718721d5a11d06c024b5f62812437aee1c473aaf4bd9e04467a32d40
Mandriva Linux Security Advisory 2015-145
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-145 - Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially-crafted data that could cause libXfont to crash, or possibly execute arbitrary code. The bdf parser reads a count for the number of properties defined in a font from the font file, and allocates arrays with entries for each property based on that count. It never checked to see if that count was negative, or large enough to overflow when multiplied by the size of the structures being allocated, and could thus allocate the wrong buffer size, leading to out of bounds writes. If the bdf parser failed to parse the data for the bitmap for any character, it would proceed with an invalid pointer to the bitmap data and later crash when trying to read the bitmap from that pointer. The bdf parser read metrics values as 32-bit integers, but stored them into 16-bit integers. Overflows could occur in various operations leading to out-of-bounds memory access.

tags | advisory, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2015-1802, CVE-2015-1803, CVE-2015-1804
SHA-256 | c03383e7af1d9662fd0fef548bfcc86b6af1db11d7f433937eb5eaede861ebc3
Ubuntu Security Notice USN-2536-1
Posted Mar 19, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2536-1 - Ilja van Sprundel, Alan Coopersmith, and William Robinet discovered that libXfont incorrectly handled malformed bdf fonts. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2015-1802, CVE-2015-1803, CVE-2015-1804
SHA-256 | fd7e0af1e4d2c41698918683416f3032ef7b2e82e83ac617340a7c68d27299b7
Debian Security Advisory 3194-1
Posted Mar 18, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3194-1 - Ilja van Sprundel, Alan Coopersmith and William Robinet discovered multiple issues in libxfont's code to process BDF fonts, which might result in privilege escalation.

tags | advisory
systems | linux, debian
advisories | CVE-2015-1802, CVE-2015-1803, CVE-2015-1804
SHA-256 | 984fd08815ed72c3981453fbe068a7951191d73e4a772b399ba3bb5daa3ac4d3
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close