CVE-2017-13722

Published: 05 October 2017

In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.

Priority

Medium

CVSS 3 base score: 7.1

Status

Package Release Status
libxfont
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:1.5.1-1ubuntu0.16.04.3)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1:1.4.7-1ubuntu0.3)
Patches:
Upstream: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd
libxfont1
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

libxfont2
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:2.0.1-3~ubuntu16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist