CVE-2013-6462

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.

References

http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=4d024ac10f964f6bd372ae0dd14f02772a6e5f63

http://lists.opensuse.org/opensuse-updates/2014-01/msg00050.html

http://lists.opensuse.org/opensuse-updates/2014-01/msg00052.html

http://lists.x.org/archives/xorg-announce/2014-January/002389.html

http://osvdb.org/101842

http://rhn.redhat.com/errata/RHSA-2014-0018.html

http://seclists.org/oss-sec/2014/q1/33

http://secunia.com/advisories/56240

http://secunia.com/advisories/56336

http://secunia.com/advisories/56357

http://secunia.com/advisories/56371

http://www.debian.org/security/2014/dsa-2838

http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

http://www.securityfocus.com/bid/64694

http://www.ubuntu.com/usn/USN-2078-1

https://exchange.xforce.ibmcloud.com/vulnerabilities/90123

Details

Source: MITRE

Published: 2014-01-09

Updated: 2017-08-29

Type: CWE-119

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:x:libxfont:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.7:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.8:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.9:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.4.5:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.4.6:*:*:*:*:*:*:*

Tenable Plugins

View all (16 total)

IDNameProductFamilySeverity
80820Oracle Solaris Third-Party Patch Update : xorg (cve_2013_6462_buffer_errors)NessusSolaris Local Security Checks
high
79557OracleVM 3.3 : libXfont (OVMSA-2014-0080)NessusOracleVM Local Security Checks
high
75391openSUSE Security Update : libXfont (openSUSE-SU-2014:0073-1)NessusSuSE Local Security Checks
high
73596Oracle Secure Global Desktop Multiple Vulnerabilities (April 2014 CPU)NessusMisc.
high
72637GLSA-201402-23 : libXfont: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
72456SuSE 11.2 / 11.3 Security Update : xorg-x11 (SAT Patch Numbers 8723 / 8724)NessusSuSE Local Security Checks
high
72300Amazon Linux AMI : libXfont (ALAS-2014-282)NessusAmazon Linux Local Security Checks
high
72081Mandriva Linux Security Advisory : libxfont (MDVSA-2014:013)NessusMandriva Local Security Checks
high
71929Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : libXfont (SSA:2014-013-01)NessusSlackware Local Security Checks
high
71910Scientific Linux Security Update : libXfont on SL5.x, SL6.x i386/x86_64 (20140110)NessusScientific Linux Local Security Checks
high
71909RHEL 5 / 6 : libXfont (RHSA-2014:0018)NessusRed Hat Local Security Checks
high
71908Oracle Linux 5 / 6 : libxfont (ELSA-2014-0018)NessusOracle Linux Local Security Checks
high
71901CentOS 5 / 6 : libXfont (CESA-2014:0018)NessusCentOS Local Security Checks
high
71874FreeBSD : libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont (28c575fa-784e-11e3-8249-001cc0380077)NessusFreeBSD Local Security Checks
high
71855Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : libxfont vulnerability (USN-2078-1)NessusUbuntu Local Security Checks
high
71850Debian DSA-2838-1 : libxfont - buffer overflowNessusDebian Local Security Checks
high