CVE-2013-6462

Public on 2014-01-09

Modified on 2014-09-16

Description

Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.

Severity

Important

See what this means

CVSS v3 Base Score

6.9

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	libXfont	2014-02-03 15:26	ALAS-2014-282

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	6.9	AV:L/AC:M/Au:N/C:C/I:C/A:C
NVD	CVSSv2	9.3	AV:N/AC:M/Au:N/C:C/I:C/A:C

References

Red Hat: CVE-2013-6462 Mitre: CVE-2013-6462 FAQs regarding Amazon Linux ALAS/CVE Severity