Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-1803

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.

Related bugs and status

CVE-2015-1803 (Candidate) is related to these bugs:

Bug #1433214: execution security issue

Summary				In	Importance	Status
	1433214	execution security issue		libxfont (Ubuntu)	Undecided	Fix Released

Bug #1453989: Sync libxfont 1:1.5.1-1 (main) from Debian unstable (main)

Summary				In	Importance	Status
	1453989	Sync libxfont 1:1.5.1-1 (main) from Debian unstable (main)		libxfont (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.x.org/wiki/...
DEBIAN: DSA-3194
UBUNTU: USN-2536-1
FEDORA: FEDORA-2015-4230
SECTRACK: 1031935
FEDORA: FEDORA-2015-4199
SUSE: openSUSE-SU-2015:0614
SUSE: SUSE-SU-2015:0674
SUSE: SUSE-SU-2015:0702
CONFIRM: http://advisories.mage...
MANDRIVA: MDVSA-2015:145
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
GENTOO: GLSA-201507-21
REDHAT: RHSA-2015:1708
BID: 73280