7.5

CVE-2008-0006

EPSS 29.27%
Published 18.01.2008 23:00:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.

Affected products Warnungen 0 Metrics 2 CWE 1 References 70

Data is provided by the National Vulnerability Database (NVD)

Sun ≫ Solaris Libfont

Sun ≫ Solaris Libxfont

X.Org ≫ Xserver Version <= 1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	29.27%	0.961

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://docs.info.apple.com/article.html?artnum=307562

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

http://www.vupen.com/english/advisories/2008/0924/references

http://secunia.com/advisories/29420

http://secunia.com/advisories/30161

http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html

http://secunia.com/advisories/29622

http://www.mandriva.com/security/advisories?name=MDVSA-2008:022

http://secunia.com/advisories/28536

Vendor Advisory

http://secunia.com/advisories/28542

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2008-0029.html

http://www.redhat.com/support/errata/RHSA-2008-0030.html

http://www.vupen.com/english/advisories/2008/0703

http://bugs.gentoo.org/show_bug.cgi?id=204362

http://lists.freedesktop.org/archives/xorg/2008-January/031918.html

Patch

http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html

http://secunia.com/advisories/28273

Vendor Advisory

http://secunia.com/advisories/28532

Vendor Advisory

http://secunia.com/advisories/28535

Vendor Advisory

http://secunia.com/advisories/28540

Vendor Advisory

http://secunia.com/advisories/28550

Vendor Advisory

http://secunia.com/advisories/28592

Vendor Advisory

http://secunia.com/advisories/28718

http://secunia.com/advisories/28843

http://secunia.com/advisories/28885

http://secunia.com/advisories/28941

http://secunia.com/advisories/29707

http://security.gentoo.org/glsa/glsa-200801-09.xml

http://security.gentoo.org/glsa/glsa-200804-05.xml

http://securitytracker.com/id?1019232

http://www.openbsd.org/errata41.html#012_xorg

http://www.openbsd.org/errata42.html#006_xorg

http://www.securityfocus.com/archive/1/487335/100/0/threaded

http://www.securityfocus.com/bid/27336

Patch

http://www.vupen.com/english/advisories/2008/0179

http://www.vupen.com/english/advisories/2008/0184

http://www.vupen.com/english/advisories/2008/0497/references

https://issues.rpath.com/browse/RPL-2010

https://usn.ubuntu.com/571-1/

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321

http://secunia.com/advisories/32545

http://www.mandriva.com/security/advisories?name=MDVSA-2008:021

http://www.vupen.com/english/advisories/2008/3000

http://secunia.com/advisories/29139

http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities

http://jvn.jp/en/jp/JVN88935101/index.html

http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html

http://secunia.com/advisories/28500

Vendor Advisory

http://secunia.com/advisories/28544

Vendor Advisory

http://secunia.com/advisories/28571

Vendor Advisory

http://secunia.com/advisories/28621

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1

Patch

http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1

http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm

http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm

http://www.kb.cert.org/vuls/id/203220

US Government Resource

http://www.mandriva.com/security/advisories?name=MDVSA-2008:024

http://www.redhat.com/support/errata/RHSA-2008-0064.html

http://www.securityfocus.com/bid/27352

https://bugzilla.redhat.com/show_bug.cgi?id=428044

https://exchange.xforce.ibmcloud.com/vulnerabilities/39767

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10021

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html

https://nvd.nist.gov/vuln/detail/CVE-2008-0006

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-0006

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-0006

EUVD