PublicDateAtUSN: 2015-03-18
Candidate: CVE-2015-1802
PublicDate: 2015-03-20 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1802
 http://www.openwall.com/lists/oss-security/2015/03/17/5
 https://ubuntu.com/security/notices/USN-2536-1
Description:
 The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont
 before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to
 cause a denial of service (out-of-bounds write and crash) or possibly
 execute arbitrary code via a (1) negative or (2) large property count in a
 BDF font file.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Ilja van Sprundel, Alan Coopersmith, and William Robinet
Assigned-to: mdeslaur
CVSS:

Patches_libxfont:
 upstream: http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=2deda9906480f9c8ae07b8c2a5510cc7e4c59a8e
upstream_libxfont: released (1.4.9,1.5.1)
lucid_libxfont: released (1:1.4.1-1ubuntu0.4)
precise_libxfont: released (1:1.4.4-1ubuntu0.3)
trusty_libxfont: released (1:1.4.7-1ubuntu0.2)
trusty/esm_libxfont: released (1:1.4.7-1ubuntu0.2)
utopic_libxfont: released (1:1.4.99.901-1ubuntu0.1)
devel_libxfont: released (1:1.4.99.901-1ubuntu1)