CVE-2014-0209
Description
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
Risk Information
Base Score
8.4
MODERATE
Vector
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.169
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| X11 font rasterisation library (USN-2211-1) libxfont1_1.4.7-1ubuntu0.2_i386.deb | Linux |
| X11 font rasterisation library (USN-2211-1) libxfont1_1.4.7-1ubuntu0.2_amd64.deb | Linux |
| (RHSA-2014:1893) Important: libXfont security update libXfont-1.2.2-1.0.6.el5_11.i386.rpm | Linux |
| (RHSA-2014:1893) Important: libXfont security update libXfont-1.2.2-1.0.6.el5_11.x86_64.rpm | Linux |
| (RHSA-2014:1893) Important: libXfont security update libXfont-devel-1.2.2-1.0.6.el5_11.i386.rpm | Linux |
| (RHSA-2014:1893) Important: libXfont security update libXfont-devel-1.2.2-1.0.6.el5_11.x86_64.rpm | Linux |
| CVE-2014-0209 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234