Input validation error in libXfont - CVE-2014-0209

Published: May 15, 2014 / Updated: August 4, 2020


Vulnerability identifier: #VU33847
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2014-0209
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: X.org
Affected software: libXfont

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
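The bug class named above (an integer overflow in the arithmetic that sizes a growing table, leading to a heap buffer that is smaller than the count the code later trusts) is illustrated here with an added C example. It is not libXfont's code: the `entry_t`/`table_t` layout and the `bytes_needed_*`, `table_reserve` and `table_add` functions are hypothetical, chosen only to show the unchecked size computation beside the overflow-checked form a fix relies on.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative code (not libXfont's): a table of font-directory entries that
 * grows while a fonts.dir-style file is read. The defect class behind
 * CVE-2014-0209 is an integer overflow in the arithmetic that sizes such a
 * table: once the byte count wraps, the allocation is smaller than the entry
 * count the code goes on to trust, and later writes overrun the heap buffer. */

#define NAME_LEN 32

typedef struct { char name[NAME_LEN]; } entry_t;

typedef struct {
    entry_t *entries;
    size_t   used;     /* entries in use */
    size_t   capacity; /* entries allocated */
} table_t;

/* Naive sizing: the product silently wraps modulo SIZE_MAX + 1. */
size_t bytes_needed_unchecked(size_t count, size_t elem_size) {
    return count * elem_size;
}

/* Overflow-checked sizing: returns 1 and stores the product, or 0 if the
 * product would not fit in size_t, so no wrap can reach the allocator. */
int bytes_needed_checked(size_t count, size_t elem_size, size_t *out) {
    if (count != 0 && elem_size > SIZE_MAX / count)
        return 0;
    *out = count * elem_size;
    return 1;
}

/* Grow the table so that it can hold at least 'want' entries.
 * Returns 0 on success, -1 on arithmetic overflow or allocation failure;
 * the table is left untouched on failure. */
int table_reserve(table_t *t, size_t want) {
    size_t cap = t->capacity ? t->capacity : 4;
    while (cap < want) {
        if (cap > SIZE_MAX / 2)        /* doubling would wrap */
            return -1;
        cap *= 2;
    }
    if (cap == t->capacity)
        return 0;
    size_t bytes;
    if (!bytes_needed_checked(cap, sizeof(entry_t), &bytes))
        return -1;
    entry_t *p = realloc(t->entries, bytes);
    if (!p)
        return -1;
    t->entries = p;
    t->capacity = cap;
    return 0;
}

/* Append one entry, growing the table with checked arithmetic first.
 * Names that do not fit are rejected rather than truncated. */
int table_add(table_t *t, const char *name) {
    size_t len = strlen(name);
    if (len >= NAME_LEN)
        return -1;
    if (t->used == SIZE_MAX || table_reserve(t, t->used + 1) != 0)
        return -1;
    memcpy(t->entries[t->used].name, name, len + 1);
    t->used++;
    return 0;
}

void table_free(table_t *t) {
    free(t->entries);
    t->entries = NULL;
    t->used = t->capacity = 0;
}
```

With a constructed count of `SIZE_MAX / 32 + 2` entries of 32 bytes each, the unchecked product wraps to 32 bytes (on both 32-bit and 64-bit `size_t`), which is exactly the shape of mismatch between allocation size and trusted entry count that turns a large metadata file into a heap overflow; the checked form refuses the request instead.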


How to mitigate CVE-2014-0209

Install update from vendor's website.

Sources