CVE-2004-0084
NONE EPSS 97.6%
Published Mar 3, 200422y ago · Modified Jun 16, 20262w ago
Published Mar 3, 2004 22y ago
Last Modified Jun 16, 2026 2w ago
Description
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
Threat Intelligence
EPSS Exploit Probability
97.6% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Affected Products 9
| Vendor | Product | Version | Range |
|---|---|---|---|
| xfree86_project | x11r6 | 4.1.0 | any |
| xfree86_project | x11r6 | 4.1.11 | any |
| xfree86_project | x11r6 | 4.1.12 | any |
| xfree86_project | x11r6 | 4.2.0 | any |
| xfree86_project | x11r6 | 4.2.1 | any |
| xfree86_project | x11r6 | 4.2.1 | any |
| xfree86_project | x11r6 | 4.3.0 | any |
| openbsd | openbsd | 3.3 | any |
| openbsd | openbsd | 3.4 | any |
References 18
- distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
- marc.info http://marc.info/?l=bugtraq&m=107662833512775&w=2
- marc.info http://marc.info/?l=bugtraq&m=110979666528890&w=2
- sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
- debian.org http://www.debian.org/security/2004/dsa-443
- idefense.com http://www.idefense.com/application/poi/display?id=73
- kb.cert.org http://www.kb.cert.org/vuls/id/667502
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
- novell.com http://www.novell.com/linux/security/advisories/2004_06_xf86.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-059.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-060.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-061.html
- securityfocus.com http://www.securityfocus.com/bid/9652
- slackware.com http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/15200
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831
Remediation
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-060.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-061.html
- securityfocus.com http://www.securityfocus.com/bid/9652