VDB
GCVE-VVD-MAGEIA-2017-373
GCVE-VVD-MAGEIA-2017-373
Advisory Published
In the PatternMatch function in fontfile/fontdir.c in libXfont through
1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection
can cause a buffer over-read during pattern matching of fonts, leading
to information disclosure or a crash (denial of service). This occurs
because '\0' characters are incorrectly skipped in situations involving
? characters. (CVE-2017-13720)
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through
1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files)
could be used by local attackers authenticated to an Xserver for a
buffer over-read, for information disclosure or a crash of the X server.
(CVE-2017-13722)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | libxfont | 0 (affected), 1.5.1-1.1.mga5 (unaffected) | — |
| Mageia | libxfont | 0 (affected), 1.5.2-1.1.mga6 (unaffected) | — |
| Mageia | libxfont2 | 0 (affected), 2.0.1-4.1.mga6 (unaffected) | — |
Aliases
Transitive aliases
Browse GCVE Records
78,914 records in the GCVE database · Updated July 13, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.