QwikSec

Security Database

CVE

CWE

Training

CVE-2014-0209

Published: May 15, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

x_refsource_CONFIRM

openSUSE-SU-2014:0711

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_BID

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

x_refsource_CONFIRM

[xorg-announce] 20140513 [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont

mailing-list

x_refsource_MLIST

20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

mailing-list

x_refsource_FULLDISC

vendor-advisory

x_refsource_MANDRIVA

http://advisories.mageia.org/MGASA-2014-0278.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.