Out-of-bounds read in libXfont

#VU38076 Out-of-bounds read in libXfont

Published: 2017-10-11 | Updated: 2020-08-08

Vulnerability identifier: #VU38076

Vulnerability risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13722

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
libXfont
Universal components / Libraries / Libraries used by multiple products

Vendor: X.org

Description

The vulnerability allows a local authenticated user to #BASIC_IMPACT#.

In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.

Mitigation
Install update from vendor's website.

Vulnerable software versions

libXfont: 2.0.0 - 2.0.1

External links
http://www.debian.org/security/2017/dsa-3995
http://bugzilla.redhat.com/show_bug.cgi?id=1500693
http://bugzilla.suse.com/show_bug.cgi?id=1049692
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd
http://security.gentoo.org/glsa/201711-08
http://www.x.org/releases/individual/lib/libXfont2-2.0.2.tar.bz2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for LibXfont, LibXfont2

Multiple vulnerabilities in X libXfont