CVE-2014-0211

Priority
Medium
Description
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs,
and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and
1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary
code via a crafted xfs reply, which triggers a buffer overflow.
References
Notes
mdeslaur> trusty and later are built with --disable-fc, so this shouldn't
mdeslaur> be an issue. Adding patch anyway for completeness' sake.
Assigned-to
mdeslaur
Package
Upstream:released (1.4.8)
Ubuntu 10.04 LTS (Lucid Lynx):released (1:1.4.1-1ubuntu0.3)
Ubuntu 12.04 LTS (Precise Pangolin):released (1:1.4.4-1ubuntu0.2)
Ubuntu 12.10 (Quantal Quetzal):released (1:1.4.5-2ubuntu0.12.10.2)
Ubuntu 13.10 (Saucy Salamander):released (1:1.4.6-1ubuntu0.2)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1:1.4.7-1)
Ubuntu 14.10 (Utopic Unicorn):not-affected (1:1.4.7-1)
Patches:
Upstream:http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=0f1a5d372c143f91a602bdf10c917d7eabaee09b
Upstream:http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=c578408c1fd4db09e4e3173f8a9e65c81cc187c1
Upstream:http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=a42f707f8a62973f5e8bbcd08afb10a79e9cee33
More Information

Valid XHTML 1.0 Strict

Updated: 2014-05-16 03:14:42 UTC (commit 8064)