Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2014-0210
Last Modified: 11 May 2015 10:00:11
Published: 15 May 2014 10:55:07
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-0210

Summary

Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 10.04

  • Canonical Ubuntu Linux 12.04

  • Canonical Ubuntu Linux 12.10

  • Canonical Ubuntu Linux 13.10

  • Canonical Ubuntu Linux 14.04

Application

  • Libxfont 1.2.3

  • Libxfont 1.2.4

  • Libxfont 1.2.5

  • Libxfont 1.2.6

  • Libxfont 1.2.7

  • Libxfont 1.2.8

  • Libxfont 1.2.9

  • Libxfont 1.3.0

  • Libxfont 1.3.1

  • Libxfont 1.3.2

  • Libxfont 1.3.3

  • Libxfont 1.3.4

  • Libxfont 1.4.0

  • Libxfont 1.4.1

  • Libxfont 1.4.2

  • Libxfont 1.4.3

  • Libxfont 1.4.4

  • Libxfont 1.4.5

  • Libxfont 1.4.6

  • Libxfont 1.4.7

  • Libxfont 1.4.99


References

UBUNTU - USN-2211-1

DEBIAN - DSA-2927

MLIST - [xorg-announce] 20140513 [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont

SUSE - openSUSE-SU-2014:0711

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

REDHAT - RHSA-2014:1893

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2014-0012.html

BUGTRAQ - 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

MANDRIVA - MDVSA-2015:145

CONFIRM - http://advisories.mageia.org/MGASA-2014-0278.html

Related Patches

SUN125719-55 Solaris 10 SPARC: X11 6.8.0: Xorg server patch

SUN125720-66 Solaris 10 x86: X11 6.8.0: Xorg server patch


Last Updated: 27 May 2016 11:08:13