Denial of Service Vulnerability in X.Org libXfont by Vendor X.Org
CVE-2015-1803

Currently unrated

Key Information:

Vendor: Canonical
Status: Ubuntu Linux; Debian Linux
Vendor: CVE Published:; 20 March 2015

Summary

The bdfReadCharacters function in the X.Org libXfont library fails to properly handle character bitmaps that it cannot read. This flaw can be exploited by remote authenticated users to trigger a denial of service condition, leading to a NULL pointer dereference and application crash. Additionally, there may be a possibility of executing arbitrary code when processing a specially crafted BDF font file.

References

http://www.oracle.com/technetwork/topics/security/cpujul2...

x_refsource_CONFIRM

https://security.gentoo.org/glsa/201507-21

vendor-advisoryx_refsource_GENTOO

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Mar 20, 2015
Vulnerability Reserved
Feb 17, 2015