CVE-2014-0209
EPSS 0.17%libxfont - security update
發布日:2014/5/15修改日:2026/4/28
描述
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
受影響套件(2)
- Debian/libxfontfrom 0, < 1:1.4.7-2
- Debian/libxfontfrom 0, < 1:1.4.1-5