CVE-2013-6462

Published: 7 January 2014

Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.

Priority

Medium

Status

Package   Release   Status
libxfont  lucid     Released (1:1.4.1-1ubuntu0.2)
libxfont  precise   Released (1:1.4.4-1ubuntu0.1)
libxfont  quantal   Released (1:1.4.5-2ubuntu0.12.10.1)
libxfont  raring    Released (1:1.4.5-2ubuntu0.13.04.1)
libxfont  saucy     Released (1:1.4.6-1ubuntu0.1)
libxfont  upstream  Needs triage

Patches:
upstream: http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=4d024ac10f964f6bd372ae0dd14f02772a6e5f63