Denial of Service Vulnerability in X.Org libXfont by Vendor X.Org
CVE-2015-1803

Currently unrated

Key Information:

Vendor: Canonical
Status: Ubuntu Linux; Debian Linux
Vendor: CVE Published:; 20 March 2015

What is CVE-2015-1803?

The bdfReadCharacters function in the X.Org libXfont library fails to properly handle character bitmaps that it cannot read. This flaw can be exploited by remote authenticated users to trigger a denial of service condition, leading to a NULL pointer dereference and application crash. Additionally, there may be a possibility of executing arbitrary code when processing a specially crafted BDF font file.

References

http://www.oracle.com/technetwork/topics/security/cpujul2...

x_refsource_CONFIRM

https://security.gentoo.org/glsa/201507-21

vendor-advisoryx_refsource_GENTOO

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2015
Vulnerability Reserved
Feb 17, 2015

Canonical

What is CVE-2015-1803?

References

Timeline