Vigil@nce - libXfont: three vulnerabilities of BDF
April 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit several vulnerabilities in the BDF handling of libXfont.
Impacted products: Debian, Fedora, MBS, OpenBSD, openSUSE, Ubuntu,
Unix (platform), XOrg Bundle
Severity: 2/4
Creation date: 17/03/2015
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in libXfont.
An attacker can generate an integer overflow in bdfReadProperties,
in order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2015-1802]
An attacker can force a read at an invalid address in
bdfReadCharacters, in order to trigger a denial of service.
[severity:1/4; CVE-2015-1803]
An attacker can generate an integer overflow in bdfReadCharacters,
in order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2015-1804]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libXfont-three-vulnerabilities-of-BDF-16405