Buffer Over-Read Vulnerability in LibXfont Affects Multiple Versions
CVE-2017-13722

7.1HIGH

Key Information:

Vendor

X.org

Status
Libxfont
Vendor
CVE Published:
11 October 2017

What is CVE-2017-13722?

The pcfGetProperties function in the LibXfont library (versions up to 1.5.2 and 2.x prior to 2.0.2) contains a flaw due to missing boundary checks for PCF files. This vulnerability can be exploited by local attackers who are authenticated to an X server to perform a buffer over-read, potentially leading to information disclosure or instability resulting in a crash of the X server. Addressing this issue is crucial to maintaining the security and reliability of systems utilizing the affected versions of LibXfont.

References

https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id...
x_refsource_CONFIRM
http://www.debian.org/security/2017/dsa-3995
vendor-advisoryx_refsource_DEBIAN
https://www.x.org/releases/individual/lib/libXfont2-2.0.2...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.