GCVE - cpe:2.3:a:x:libxfont:1.5.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:x:libxfont:1.5.0:*:*:*:*:*:*:*

part: a version: 1.5.0 update: *

Vendor	X (`a2acdb6f-4f26-543b-8294-d5d6397c9211`)
Product	Libxfont (`67462931-b5b2-55f6-9260-18cb2182eec6`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/libxfont`	purl2cpe	2026-06-01 10:12:31.286794
`pkg:deb/ubuntu/libxfont`	purl2cpe	2026-06-01 10:12:31.286795
`pkg:github/freedesktop/libxfont`	purl2cpe	2026-06-01 10:12:31.286796
`pkg:github/freedesktop/xorg-libxfont`	purl2cpe	2026-06-01 10:12:31.286798
`pkg:github/val-verde/libxfont`	purl2cpe	2026-06-01 10:12:31.286799
`pkg:rpm/centos/libxfont`	purl2cpe	2026-06-01 10:12:31.286800
`pkg:rpm/fedora/libxfont`	purl2cpe	2026-06-01 10:12:31.286802
`pkg:rpm/opensuse/libxfont`	purl2cpe	2026-06-01 10:12:31.286803

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2015-1804`	vulnerable	2026-06-03 14:34:40.144606	Details available The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. Published: 2015-03-20T14:00:00.000Z Updated: 2024-08-06T04:54:16.301Z Open on db.gcve.eu Reference links http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html https://security.gentoo.org/glsa/201507-21 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00074.html http://www.ubuntu.com/usn/USN-2536-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-1803`	vulnerable	2026-06-03 14:34:40.144082	Details available The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. Published: 2015-03-20T14:00:00.000Z Updated: 2024-08-06T04:54:16.182Z Open on db.gcve.eu Reference links http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html https://security.gentoo.org/glsa/201507-21 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html http://www.ubuntu.com/usn/USN-2536-1 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-1802`	vulnerable	2026-06-03 14:34:40.143271	Details available The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. Published: 2015-03-20T14:00:00.000Z Updated: 2024-08-06T04:54:16.071Z Open on db.gcve.eu Reference links http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html https://security.gentoo.org/glsa/201507-21 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html http://www.securityfocus.com/bid/73277 http://www.ubuntu.com/usn/USN-2536-1	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.