Описание
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1:2.0.1-3ubuntu1 |
| esm-infra-legacy/trusty | released | 1:1.4.7-1ubuntu0.3 |
| esm-infra/xenial | released | 1:1.5.1-1ubuntu0.16.04.3 |
| precise/esm | DNE | |
| trusty | released | 1:1.4.7-1ubuntu0.3 |
| trusty/esm | released | 1:1.4.7-1ubuntu0.3 |
| upstream | needs-triage | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 1:1.5.1-1ubuntu0.16.04.3 |
| zesty | released | 1:2.0.1-3ubuntu0.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1:1.5.2-4ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage | |
| vivid/ubuntu-core | DNE | |
| xenial | DNE | |
| zesty | released | 1:1.5.2-4ubuntu0.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | released | 1:2.0.1-3~ubuntu16.04.2 |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 1:2.0.1-3~ubuntu16.04.2 |
| zesty | DNE |
Показывать по
EPSS
3.6 Low
CVSS2
7.1 High
CVSS3
Связанные уязвимости
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters.
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters.
In the PatternMatch function in fontfile/fontdir.c in libXfont through ...
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters.
EPSS
3.6 Low
CVSS2
7.1 High
CVSS3