Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 8.5
CVE Id CVE-2015-1803
Last Modified 16 Jul 2015 10:02:11
Published 20 Mar 2015 10:59:02
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2015-1803

Summary

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 10.04

  • Canonical Ubuntu Linux 12.04

  • Canonical Ubuntu Linux 14.04

  • Canonical Ubuntu Linux 14.10

  • Debian Linux 7.0

Application

  • Libxfont 1.4.8

  • Libxfont 1.5.0


References

MISC - http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/

UBUNTU - USN-2536-1

DEBIAN - DSA-3194

SECTRACK - 1031935

FEDORA - FEDORA-2015-4230

FEDORA - FEDORA-2015-4199

SUSE - openSUSE-SU-2015:0614

SUSE - SUSE-SU-2015:0674

SUSE - SUSE-SU-2015:0702

MANDRIVA - MDVSA-2015:145

CONFIRM - http://advisories.mageia.org/MGASA-2015-0113.html

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html


Last Updated: 27 May 2016 11:08:40