Bug#383353: libxfont1: PCF Integer Overflow Vulnerability

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#383353: libxfont1: PCF Integer Overflow Vulnerability
From: Stefan Fritsch <sf@sfritsch.de>
Date: Wed, 16 Aug 2006 20:21:24 +0200
Message-id: <[🔎] 20060816182124.6398.98521.reportbug@k.lan>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 383353@bugs.debian.org

Package: libxfont1
Version: 1:1.0.0-4
Severity: grave
Tags: security patch
Justification: user security hole

>From http://secunia.com/advisories/20100/:

A vulnerability has been reported in libXfont, which can be exploited by
malicious people to cause a DoS (Denial of Service) and potentially compromise
an application using the library.

The vulnerability is caused due to integer overflows within the PCF font file
parser. This can potentially be exploited to cause a heap-based buffer overflow
via a specially crafted font file.

See
https://bugs.freedesktop.org/show_bug.cgi?id=7535

Patch is at
http://bugs.freedesktop.org/attachment.cgi?id=6231

Reply to:

Follow-Ups:
- Bug#383353: marked as done (libxfont1: PCF Integer Overflow Vulnerability)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#383334: xorg-server_1:1.1.1-1(sparc/experimental): FTBFS: "Failed to link Mesa source tree"
Next by Date: Re: svn management, git, etc
Previous by thread: Bug#383334: xorg-server_1:1.1.1-1(sparc/experimental): FTBFS: "Failed to link Mesa source tree"
Next by thread: Bug#383353: marked as done (libxfont1: PCF Integer Overflow Vulnerability)
Index(es):
- Date
- Thread