https://bugzilla.redhat.com/show_bug.cgi?id=1203719
Bug ID: 1203719 Summary: CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: mprpic@redhat.com CC: btissoir@redhat.com, fonts-bugs@lists.fedoraproject.org, sandmann@redhat.com
The bdf parser read metrics values as 32-bit integers, but stored them into 16-bit integers. Overflows could occur in various operations leading to out-of-bounds memory access.
A local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server.
Upstream advisory:
http://seclists.org/oss-sec/2015/q1/865
Upstream patch:
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=2351c83a77a478b49cb...