[Bug 1203715] New: CVE-2015-1802 libXfont: missing range check in bdfReadProperties

List overview All Threads
Download

newer

older

[Bug 1203719] New: CVE-2015-1804...

Broken dependencies:...

Red Hat Bugzilla

19 Mar 2015 19 Mar '15

2:08 p.m.

https://bugzilla.redhat.com/show_bug.cgi?id=1203715

Bug ID: 1203715 Summary: CVE-2015-1802 libXfont: missing range check in bdfReadProperties Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: mprpic@redhat.com CC: btissoir@redhat.com, fonts-bugs@lists.fedoraproject.org, sandmann@redhat.com

The bdf parser reads a count for the number of properties defined in a font from the font file, and allocates arrays with entries for each property based on that count. It never checked to see if that count was negative, or large enough to overflow when multiplied by the size of the structures being allocated, and could thus allocate the wrong buffer size, leading to out of bounds writes.

A local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server.

Upstream advisory:

http://seclists.org/oss-sec/2015/q1/865

Upstream patch:

http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=2deda9906480f9c8ae0...

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=lX6DTEkBbs&a=cc_unsubscribe

Show replies by date

Red Hat Bugzilla

19 Mar 19 Mar

2:14 p.m.

New subject: [Bug 1203715] CVE-2015-1802 libXfont: missing range check in bdfReadProperties

https://bugzilla.redhat.com/show_bug.cgi?id=1203715

Martin Prpic mprpic@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1203720

--- Comment #1 from Martin Prpic mprpic@redhat.com ---

Created libXfont tracking bugs for this issue:

Affects: fedora-all [bug 1203720]

Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1203720 [Bug 1203720] CVE-2015-1802 libXfont: missing range check in bdfReadProperties [fedora-all]

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=OA9XBKcjZV&a=cc_unsubscribe

Red Hat Bugzilla

2:17 p.m.

New subject: [Bug 1203715] CVE-2015-1802 libXfont: missing range check in bdfReadProperties

https://bugzilla.redhat.com/show_bug.cgi?id=1203715

Martin Prpic mprpic@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1203722

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=YgDKSJxUsz&a=cc_unsubscribe

Red Hat Bugzilla

23 Mar 23 Mar

7:17 a.m.

New subject: [Bug 1203715] CVE-2015-1802 libXfont: missing range check in bdfReadProperties

https://bugzilla.redhat.com/show_bug.cgi?id=1203715 Bug 1203715 depends on bug 1203720, which changed state.

Bug 1203720 Summary: CVE-2015-1804 CVE-2015-1802 CVE-2015-1803 libXfont: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1203720

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=aRlffKhAwY&a=cc_unsubscribe

Red Hat Bugzilla

7:17 a.m.

New subject: [Bug 1203715] CVE-2015-1802 libXfont: missing range check in bdfReadProperties

https://bugzilla.redhat.com/show_bug.cgi?id=1203715

--- Comment #2 from Fedora Update System updates@fedoraproject.org --- libXfont-1.5.1-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=8TBADR41k0&a=cc_unsubscribe

Red Hat Bugzilla

31 Mar 31 Mar

7:54 a.m.

New subject: [Bug 1203715] CVE-2015-1802 libXfont: missing range check in bdfReadProperties

https://bugzilla.redhat.com/show_bug.cgi?id=1203715

Stefan Cornelius scorneli@redhat.com changed:

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=PMZvQWJUrK&a=cc_unsubscribe

Red Hat Bugzilla

9 Apr 9 Apr

11:23 a.m.

New subject: [Bug 1203715] CVE-2015-1802 libXfont: missing range check in bdfReadProperties

https://bugzilla.redhat.com/show_bug.cgi?id=1203715

Stefan Cornelius scorneli@redhat.com changed:

--- Doc Text *updated* --- An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could exploit this issue to crash the X.Org server or potentially execute arbitrary code with the privileges of the X.Org server.

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=pXXGQD6nSN&a=cc_unsubscribe

Red Hat Bugzilla

11:40 a.m.

New subject: [Bug 1203715] CVE-2015-1802 libXfont: missing range check in bdfReadProperties

https://bugzilla.redhat.com/show_bug.cgi?id=1203715

Stefan Cornelius scorneli@redhat.com changed:

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=1tsTsWMxn5&a=cc_unsubscribe

Red Hat Bugzilla

10 Apr 10 Apr

2:25 p.m.

New subject: [Bug 1203715] CVE-2015-1802 libXfont: missing range check in bdfReadProperties

https://bugzilla.redhat.com/show_bug.cgi?id=1203715

--- Doc Text *updated* by Martin Prpic mprpic@redhat.com --- An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server.

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=wGV9KH5xaJ&a=cc_unsubscribe

Red Hat Bugzilla

1 Sep 1 Sep

2:18 p.m.

New subject: [Bug 1203715] CVE-2015-1802 libXfont: missing range check in bdfReadProperties

https://bugzilla.redhat.com/show_bug.cgi?id=1203715

Stefan Cornelius scorneli@redhat.com changed:

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Ip7NrtjWf9&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

Red Hat Bugzilla

3 Sep 3 Sep

12:26 p.m.

New subject: [Bug 1203715] CVE-2015-1802 libXfont: missing range check in bdfReadProperties

https://bugzilla.redhat.com/show_bug.cgi?id=1203715

--- Comment #4 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:

Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6

Via RHSA-2015:1708 https://rhn.redhat.com/errata/RHSA-2015-1708.html

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=JSx9f5fxy8&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

Red Hat Bugzilla

7 Sep 7 Sep

6:07 a.m.

New subject: [Bug 1203715] CVE-2015-1802 libXfont: missing range check in bdfReadProperties

https://bugzilla.redhat.com/show_bug.cgi?id=1203715

ddu@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |ddu@redhat.com

--- Comment #5 from ddu@redhat.com --- Hi guys,

Does this problem CVE affect libXfont shipped with RHEL5?

Best regards, Dapeng

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=y830lxNmXK&a=cc_unsubscribe _______________________________________________ fonts-bugs mailing list fonts-bugs@lists.fedoraproject.org http://lists.fedoraproject.org/postorius/fonts-bugs@lists.fedoraproject.org

Red Hat Bugzilla

1 Oct 1 Oct

9:29 a.m.

New subject: [Bug 1203715] CVE-2015-1802 libXfont: missing range check in bdfReadProperties

https://bugzilla.redhat.com/show_bug.cgi?id=1203715

Stefan Cornelius scorneli@redhat.com changed:

-- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=w5OXoSqon8&a=cc_unsubscribe

3727

Age (days ago)

3923

Last active (days ago)

fonts-bugs@lists.fedoraproject.org

12 comments

1 participants

tags (0)

participants (1)

Red Hat Bugzilla