Approved changes feed: RSS · Atom
cpe:2.3:a:x.org:libxfont:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | X.Org (4cd053ee-09df-594a-873d-dbd09ec2f899) |
|---|---|
| Product | Libxfont (9bc4fc65-d0d8-5ec7-9df4-f528e8909cca) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2017-13722 |
vulnerable | 2026-06-03 14:36:38.003700 |
Details available
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.
Published: 2017-10-11T17:00:00.000Z
Updated: 2024-08-05T19:05:20.022Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-13720 |
vulnerable | 2026-06-03 14:36:38.001367 |
Details available
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters.
Published: 2017-10-11T17:00:00.000Z
Updated: 2024-08-05T19:05:20.077Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.