CLD-73 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) | xorg-libraries |
Deficiency Type | SECURITY |
Date Created | 2017-10-10 17:49:24 |
Date Last Modified | 2017-10-11 11:30:34 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in xorg-libraries-7.7-i686-3 |
Cucumber 1.0 x86_64 | fixed in xorg-libraries-7.7-x86_64-3 and xorg-libraries-lib_i686-7.7-lib_i686-3 |
Cucumber 1.1 i686 | fixed in xorg-libraries-7.7-i686-3 |
Cucumber 1.1 x86_64 | fixed in xorg-libraries-7.7-x86_64-3 and xorg-libraries-lib_i686-7.7-lib_i686-3 |
Details:
This vulnerability was originally reported by the Debian security team in
DSA 3995-1, along with CVE-2017-13720. They claim the following:
Two vulnerabilities were found in libXfont, the X11 font rasterisation library,
which could result in denial of service or memory disclosure
(https://www.debian.org/security/2017/dsa-3995).
The Xorg developers released a patch and had this to say:
Without the checks a malformed PCF file can cause the library to make atom from
random heap memory that was behind the `strings` buffer. This may crash the
process or leak information
(https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd).
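
The kind of check the Xorg commit message refers to, shown as an added example (this is not libXfont's code and not the actual patch): every offset into the strings buffer is validated before a string is read from it. The record layout, function names and sample buffer are assumptions made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified property record (not libXfont's own struct). */
struct prop_rec {
    int32_t name;      /* offset of the property name in the strings buffer */
    int32_t value;     /* offset of the value if is_string, else an integer */
    int     is_string;
};

/* Pointer to the string at `off`, or NULL if the offset is out of range
 * or no terminator lies inside the buffer. */
static const char *checked_string(const char *strings, int32_t size, int32_t off)
{
    if (strings == NULL || off < 0 || off >= size)
        return NULL;
    if (memchr(strings + off, '\0', (size_t)(size - off)) == NULL)
        return NULL;
    return strings + off;
}

/* 0 if every offset is usable, -1 on the first bad one (reject the font). */
int validate_props(const struct prop_rec *props, size_t nprops,
                   const char *strings, int32_t size)
{
    for (size_t i = 0; i < nprops; i++) {
        if (checked_string(strings, size, props[i].name) == NULL)
            return -1;
        if (props[i].is_string &&
            checked_string(strings, size, props[i].value) == NULL)
            return -1;
    }
    return 0;
}

/* Constructed sample data: 12-byte buffer holding "FAMILY" and "Sans". */
static const char sample_strings[12] = "FAMILY\0Sans";
static const struct prop_rec sample_ok  = { 0, 7, 1 };
static const struct prop_rec sample_bad = { 0, 4096, 1 }; /* value past buffer */

int main(void)
{
    printf("well-formed: %d\n", validate_props(&sample_ok, 1, sample_strings, 12));
    printf("malformed:   %d\n", validate_props(&sample_bad, 1, sample_strings, 12));
    return 0;
}
```

Checking for a terminator inside the buffer matters as much as the offset range: an in-range offset whose string is not terminated would still let a later read run into adjacent heap memory.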