Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2017-13720, CVE-2017-13722 |
CWE-ID | CWE-125 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | libXfont (Universal components / Libraries / Libraries used by multiple products) |
Vendor | X.org |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU38075
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13720
CWE-ID: CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local authenticated user to obtain information or cause a crash (denial of service).
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '