CVE-2014-0209

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:x:libxfont:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.4.99:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:*:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:x:libxfont:1.4.3:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*

Information

Published : 2014-05-15 07:55

Updated : 2018-10-09 12:38


NVD link : CVE-2014-0209

Mitre link : CVE-2014-0209


JSON object : View

CWE
CWE-189

Numeric Errors

Advertisement

dedicated server usa

Products Affected

canonical

  • ubuntu_linux

x

  • libxfont