CVE-2014-0210
Published: 13 May 2014
Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.
Priority
Status
Package | Release | Status |
---|---|---|
libxfont (Launchpad, Ubuntu, Debian) | Upstream | Released (1.4.8) |
 | Ubuntu 14.04 ESM (Trusty Tahr) | Not vulnerable (1:1.4.7-1) |

Patches:
Upstream: http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=891e084b26837162b12f841060086a105edde86d
Upstream: http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=cbb64aef35960b2882be721f4b8fbaa0fb649d12
Upstream: http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=491291cabf78efdeec8f18b09e14726a9030cc8f
Upstream: http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=a3f21421537620fc4e1f844a594a4bcd9f7e2bd8
Upstream: http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=520683652564c2a4e42328ae23eef9bb63271565
Upstream: http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=5fa73ac18474be3032ee7af9c6e29deab163ea39
Upstream: http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d338f81df1e188eb16e1d6aeea7f4800f89c1218
Notes
Author | Note |
---|---|
mdeslaur | trusty and later are built with --disable-fc, so this shouldn't be an issue. Adding patch anyway for completeness' sake. |