Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | libXfont | 2014-02-03 15:26 | ALAS-2014-282 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 6.9 | AV:L/AC:M/Au:N/C:C/I:C/A:C |
NVD | CVSSv2 | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |