FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
28c575fa-784e-11e3-8249-001cc0380077	libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont freedesktop.org reports: A BDF font file containing a longer than expected string can cause a buffer overflow on the stack. Testing in X servers built with Stack Protector restulted in an immediate crash when reading a user-proveded specially crafted font. As libXfont is used to read user-specified font files in all X servers distributed by X.Org, including the Xorg server which is often run with root privileges or as setuid-root in order to access hardware, this bug may lead to an unprivileged user acquiring root privileges in some systems. Discovery 2013-12-24 Entry 2014-01-08 libXfont < 1.4.7,1 CVE-2013-6462 http://lists.x.org/archives/xorg-announce/2014-January/002389.html

VuXML ID

Description

28c575fa-784e-11e3-8249-001cc0380077

libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont

freedesktop.org reports:

A BDF font file containing a longer than expected string can cause a buffer overflow on the stack. Testing in X servers built with Stack Protector restulted in an immediate crash when reading a user-proveded specially crafted font.

As libXfont is used to read user-specified font files in all X servers distributed by X.Org, including the Xorg server which is often run with root privileges or as setuid-root in order to access hardware, this bug may lead to an unprivileged user acquiring root privileges in some systems.

Discovery 2013-12-24
Entry 2014-01-08
libXfont

< 1.4.7,1

CVE-2013-6462
http://lists.x.org/archives/xorg-announce/2014-January/002389.html