FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-6462

This CVE name corresponds to:

Entered     Topic
2014-01-08  libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2013-6462
Phase  Assigned (20131104)

Description

Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.

References

Source   Reference
MLIST    [oss-security] 20140107 Fwd: X.Org Security Advisory: CVE-2013-6462: Stack buffer overflow in parsing of BDF font files in libXfont
MLIST    [xorg-announce] 20140107 X.Org Security Advisory: CVE-2013-6462: Stack buffer overflow in parsing of BDF font files in libXfont
CONFIRM  http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=4d024ac10f964f6bd372ae0dd14f02772a6e5f63
CONFIRM  http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
DEBIAN   DSA-2838
REDHAT   RHSA-2014:0018
SUSE     openSUSE-SU-2014:0073
SUSE     openSUSE-SU-2014:0075
UBUNTU   USN-2078-1
BID      64694
OSVDB    101842
SECUNIA  56240
SECUNIA  56336
SECUNIA  56357
SECUNIA  56371
XF       libxfont-cve20136462-bo(90123)