VYPR

rpm package

opensuse/libXfont&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/libXfont&distro=openSUSE%20Tumbleweed

Vulnerabilities (3)

  • CVE-2017-16611MedDec 1, 2017
    affected < 1.5.4-2.18fixed 1.5.4-2.18

    In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.

  • CVE-2017-13722HigOct 11, 2017
    affected < 1.5.4-2.18fixed 1.5.4-2.18

    In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server

  • CVE-2017-13720HigOct 11, 2017
    affected < 1.5.4-2.18fixed 1.5.4-2.18

    In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occu