[Bug 1203719] New: CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters

bugzilla at redhat.com bugzilla at redhat.com
Thu Mar 19 14:14:03 UTC 2015


            Bug ID: 1203719
           Summary: CVE-2015-1804 libXfont: out-of-bounds memory access in
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team at redhat.com
          Reporter: mprpic at redhat.com
                CC: btissoir at redhat.com,
                    fonts-bugs at lists.fedoraproject.org,
                    sandmann at redhat.com

The bdf parser read metrics values as 32-bit integers, but stored them into
16-bit integers. Overflows could occur in various operations leading to
out-of-bounds memory access.

A local user could exploit this issue to potentially execute arbitrary code
with the privileges of the X.Org server.

Upstream advisory:


Upstream patch:


You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=er2MnEzbkS&a=cc_unsubscribe

More information about the fonts-bugs mailing list