SB2014051419 - Input validation error in libxfont (Alpine package)
Published: May 14, 2014
Security Bulletin ID
SB2014051419
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2014-0211)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=0c9f25da7cad183991206441ffd79f4f5b67cf1c
- https://git.alpinelinux.org/aports/commit/?id=1476a4f2f4f84290a60b64a79123454f8227f80a
- https://git.alpinelinux.org/aports/commit/?id=29880316e4d89974619a59348463b0c4a9bfd613
- https://git.alpinelinux.org/aports/commit/?id=57ccd1954ce23cc940ad1c1e29cbf4919d516d8a