4.6

CVE-2014-0209

EPSS 0.17%
Veröffentlicht 15.05.2014 14:55:07
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

X ≫ Libxfont Version <= 1.4.7

X ≫ Libxfont Version1.2.3

X ≫ Libxfont Version1.2.4

X ≫ Libxfont Version1.2.5

X ≫ Libxfont Version1.2.6

X ≫ Libxfont Version1.2.7

X ≫ Libxfont Version1.2.8

X ≫ Libxfont Version1.2.9

X ≫ Libxfont Version1.3.0

X ≫ Libxfont Version1.3.1

X ≫ Libxfont Version1.3.2

X ≫ Libxfont Version1.3.3

X ≫ Libxfont Version1.3.4

X ≫ Libxfont Version1.4.0

X ≫ Libxfont Version1.4.1

X ≫ Libxfont Version1.4.2

X ≫ Libxfont Version1.4.3

X ≫ Libxfont Version1.4.4

X ≫ Libxfont Version1.4.5

X ≫ Libxfont Version1.4.6

X ≫ Libxfont Version1.4.99

Canonical ≫ Ubuntu Linux Version10.04 Update- Editionlts

Canonical ≫ Ubuntu Linux Version12.04 Update- Editionlts

Canonical ≫ Ubuntu Linux Version12.10

Canonical ≫ Ubuntu Linux Version13.10

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.386

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

http://seclists.org/fulldisclosure/2014/Dec/23

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://advisories.mageia.org/MGASA-2014-0278.html

http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html

http://lists.x.org/archives/xorg-announce/2014-May/002431.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2014-1893.html

http://secunia.com/advisories/59154

http://www.debian.org/security/2014/dsa-2927

http://www.mandriva.com/security/advisories?name=MDVSA-2015:145

http://www.securityfocus.com/bid/67382

http://www.ubuntu.com/usn/USN-2211-1

https://nvd.nist.gov/vuln/detail/CVE-2014-0209

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0209

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0209

EUVD