Skip to main content

Libxfont CVE-2015-1802

HIGH
Buffer Overflow (CWE-119)
2015-03-20 secalert@redhat.com
8.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
8.5 HIGH
AV:N/AC:M/Au:S/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:S/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Mar 20, 2015 - 14:59 cve.org
HIGH 8.5

DescriptionCVE.org

The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.

AnalysisAI

The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. Affected products include: X Libxfont. Version information: before 1.4.9.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2013-6462 CRITICAL POC
9.3 Jan 09

Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 al

CVE-2015-1804 HIGH
8.5 Mar 20

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not proper

CVE-2026-56003 HIGH
8.8 Jul 08

Arbitrary code execution in libXfont2 before 2.0.8 lets an authenticated X client corrupt heap memory inside the X serve

CVE-2026-56002 HIGH
8.8 Jul 08

Heap-based code execution in libXfont2 before 2.0.8 allows an authenticated X client to run arbitrary code inside the X

CVE-2026-56001 HIGH
8.8 Jul 08

Arbitrary code execution in the X.Org libXfont2 library (versions before 2.0.8) stems from a heap buffer overflow in the

CVE-2015-1803 HIGH
8.5 Mar 20

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not proper

CVE-2014-0211 HIGH
7.5 May 15

Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org

CVE-2014-0210 HIGH
7.5 May 15

Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execu

CVE-2017-13722 HIGH
7.1 Oct 11

In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary

CVE-2017-13720 HIGH
7.1 Oct 11

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with acce

CVE-2017-16611 MEDIUM
5.5 Dec 01

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as roo

CVE-2014-0209 MEDIUM
4.6 May 15

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4

Share

CVE-2015-1802 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy