CVE-2014-0210

NONE EPSS 90.0%
Published May 15, 2014 · Last Modified Jun 17, 2026

Description

Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.

Threat Intelligence

EPSS Exploit Probability
90.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)

Affected Products 26

Vendor     Product       Version  Range
x          libxfont      *        ≤1.4.7
x          libxfont      1.2.3    any
x          libxfont      1.2.4    any
x          libxfont      1.2.5    any
x          libxfont      1.2.6    any
x          libxfont      1.2.7    any
x          libxfont      1.2.8    any
x          libxfont      1.2.9    any
x          libxfont      1.3.0    any
x          libxfont      1.3.1    any
x          libxfont      1.3.2    any
x          libxfont      1.3.3    any
x          libxfont      1.3.4    any
x          libxfont      1.4.0    any
x          libxfont      1.4.1    any
x          libxfont      1.4.2    any
x          libxfont      1.4.3    any
x          libxfont      1.4.4    any
x          libxfont      1.4.5    any
x          libxfont      1.4.6    any
x          libxfont      1.4.99   any
canonical  ubuntu_linux  10.04    any
canonical  ubuntu_linux  12.04    any
canonical  ubuntu_linux  12.10    any
canonical  ubuntu_linux  13.10    any
canonical  ubuntu_linux  14.04    any

References 13

  • advisories.mageia.org http://advisories.mageia.org/MGASA-2014-0278.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html
  • lists.x.org http://lists.x.org/archives/xorg-announce/2014-May/002431.html
    Vendor Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2014-1893.html
  • seclists.org http://seclists.org/fulldisclosure/2014/Dec/23
  • secunia.com http://secunia.com/advisories/59154
  • debian.org http://www.debian.org/security/2014/dsa-2927
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
  • oracle.com http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
  • securityfocus.com http://www.securityfocus.com/archive/1/534161/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/bid/67382
  • ubuntu.com http://www.ubuntu.com/usn/USN-2211-1
  • vmware.com http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.