Skip to main content

Libxfont CVE-2014-0209

MEDIUM
Numeric Errors (CWE-189)
2014-05-15 secalert@redhat.com
4.6
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Local
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
May 15, 2014 - 14:55 cve.org
MEDIUM 4.6

DescriptionCVE.org

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.

AnalysisAI

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-189. Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata. Affected products include: X Libxfont, Canonical Ubuntu Linux. Version information: before 1.4.8.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2013-6462 CRITICAL POC
9.3 Jan 09

Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 al

CVE-2015-1804 HIGH
8.5 Mar 20

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not proper

CVE-2026-56003 HIGH
8.8 Jul 08

Arbitrary code execution in libXfont2 before 2.0.8 lets an authenticated X client corrupt heap memory inside the X serve

CVE-2026-56002 HIGH
8.8 Jul 08

Heap-based code execution in libXfont2 before 2.0.8 allows an authenticated X client to run arbitrary code inside the X

CVE-2026-56001 HIGH
8.8 Jul 08

Arbitrary code execution in the X.Org libXfont2 library (versions before 2.0.8) stems from a heap buffer overflow in the

CVE-2015-1802 HIGH
8.5 Mar 20

The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote a

CVE-2015-1803 HIGH
8.5 Mar 20

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not proper

CVE-2014-0211 HIGH
7.5 May 15

Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org

CVE-2014-0210 HIGH
7.5 May 15

Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execu

CVE-2017-13722 HIGH
7.1 Oct 11

In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary

CVE-2017-13720 HIGH
7.1 Oct 11

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with acce

CVE-2017-16611 MEDIUM
5.5 Dec 01

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as roo

Share

CVE-2014-0209 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy