LibXfont: Multiple integer overflows — GLSA 200609-04

A buffer overflow was discovered in the PCF font parser, potentially resulting in the execution of arbitrary code.

Affected Packages

x11-libs/libXfont on all architectures
Affected versions < 1.2.0-r1
Unaffected versions >= 1.2.0-r1

Background

libXfont is the X.Org Xfont library, some parts are based on the FreeType code base.

Description

Several integer overflows have been found in the PCF font parser.

Impact

A local attacker could possibly execute arbitrary code or crash the Xserver by enticing a user to load a specially crafted PCF font file.

Workaround

Do not use untrusted PCF Font files.

Resolution

All libXfont users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.0-r1"

References

Release Date
September 06, 2006

Latest Revision
September 06, 2006: 01

Severity
normal

Exploitable
local

Bugzilla entries