LibXfont, monolithic Multiple integer overflows — GLSA 200609-07

Some buffer overflows were discovered in the CID font parser, potentially resulting in the execution of arbitrary code with elevated privileges.

Affected packages

x11-libs/libXfont on all architectures
Affected versions < 1.2.1
Unaffected versions >= 1.2.1
x11-base/xorg-x11 on all architectures
Affected versions < 7.0
Unaffected versions >= 7.0


libXfont is the X.Org Xfont library, some parts are based on the FreeType code base.


Several integer overflows have been found in the CID font parser.


A remote attacker could exploit this vulnerability by enticing a user to load a malicious font file resulting in the execution of arbitrary code with the permissions of the user running the X server which typically is the root user. A local user could exploit this vulnerability to gain elevated privileges.


Disable CID-encoded Type 1 fonts by removing the "type1" module and replacing it with the "freetype" module in xorg.conf.


All libXfont users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.1"

All monolithic users are advised to migrate to modular


Release date
September 13, 2006

Latest revision
September 13, 2006: 01


local and remote

Bugzilla entries