Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2017-13722

Published: 5 October 2017

In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.

Priority

Medium

CVSS 3 base score: 7.1

Status

Package Release Status
libxfont
Launchpad, Ubuntu, Debian
upstream Needs triage

precise Does not exist

trusty
Released (1:1.4.7-1ubuntu0.3)
xenial
Released (1:1.5.1-1ubuntu0.16.04.3)
zesty
Released (1:2.0.1-3ubuntu0.1)
Patches:
upstream: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd
libxfont1
Launchpad, Ubuntu, Debian
upstream Needs triage

precise Does not exist

trusty Does not exist

xenial Does not exist

zesty
Released (1:1.5.2-4ubuntu0.1)
libxfont2
Launchpad, Ubuntu, Debian
upstream Needs triage

precise Does not exist

trusty Does not exist

xenial
Released (1:2.0.1-3~ubuntu16.04.2)
zesty Does not exist