CVE-2004-0083

NONE EPSS 97.3%
Published Mar 3, 200422y ago · Modified Jun 16, 20262w ago
Find Similar
Published Mar 3, 2004 22y ago
Last Modified Jun 16, 2026 2w ago

Description

Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.

Threat Intelligence

EPSS Exploit Probability
97.3% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Affected Products 9

VendorProductVersionRange
xfree86_projectx11r64.1.0any
xfree86_projectx11r64.1.11any
xfree86_projectx11r64.1.12any
xfree86_projectx11r64.2.0any
xfree86_projectx11r64.2.1any
xfree86_projectx11r64.2.1any
xfree86_projectx11r64.3.0any
openbsdopenbsd3.3any
openbsdopenbsd3.4any

References 21

  • distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
  • marc.info http://marc.info/?l=bugtraq&m=107644835523678&w=2
  • marc.info http://marc.info/?l=bugtraq&m=107653324115914&w=2
  • marc.info http://marc.info/?l=bugtraq&m=110979666528890&w=2
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200402-02.xml
    Vendor Advisory
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
  • debian.org http://www.debian.org/security/2004/dsa-443
  • idefense.com http://www.idefense.com/application/poi/display?id=72
  • kb.cert.org http://www.kb.cert.org/vuls/id/820006
    US Government Resource
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
  • novell.com http://www.novell.com/linux/security/advisories/2004_06_xf86.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2004-059.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2004-060.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2004-061.html
  • securityfocus.com http://www.securityfocus.com/bid/9636
    ExploitPatchVendor Advisory
  • slackware.com http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
  • xfree86.org http://www.xfree86.org/cvs/changes
    Vendor Advisory
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/15130
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612

Remediation