CVE-2014-0209

NONE EPSS 35.6%
Published May 15, 2014 (12y ago) · Last Modified Jun 17, 2026 (2w ago)

Description

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.

Threat Intelligence

EPSS Exploit Probability
35.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-189

Affected Products 26

Vendor     Product       Version  Range
x          libxfont      *        ≤1.4.7
x          libxfont      1.2.3    any
x          libxfont      1.2.4    any
x          libxfont      1.2.5    any
x          libxfont      1.2.6    any
x          libxfont      1.2.7    any
x          libxfont      1.2.8    any
x          libxfont      1.2.9    any
x          libxfont      1.3.0    any
x          libxfont      1.3.1    any
x          libxfont      1.3.2    any
x          libxfont      1.3.3    any
x          libxfont      1.3.4    any
x          libxfont      1.4.0    any
x          libxfont      1.4.1    any
x          libxfont      1.4.2    any
x          libxfont      1.4.3    any
x          libxfont      1.4.4    any
x          libxfont      1.4.5    any
x          libxfont      1.4.6    any
x          libxfont      1.4.99   any
canonical  ubuntu_linux  10.04    any
canonical  ubuntu_linux  12.04    any
canonical  ubuntu_linux  12.10    any
canonical  ubuntu_linux  13.10    any
canonical  ubuntu_linux  14.04    any

References 13

  • advisories.mageia.org http://advisories.mageia.org/MGASA-2014-0278.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html
  • lists.x.org http://lists.x.org/archives/xorg-announce/2014-May/002431.html (Vendor Advisory)
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2014-1893.html
  • seclists.org http://seclists.org/fulldisclosure/2014/Dec/23
  • secunia.com http://secunia.com/advisories/59154
  • debian.org http://www.debian.org/security/2014/dsa-2927
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
  • oracle.com http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
  • securityfocus.com http://www.securityfocus.com/archive/1/534161/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/bid/67382
  • ubuntu.com http://www.ubuntu.com/usn/USN-2211-1
  • vmware.com http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.