VDB

GCVE-VVD-MAGEIA-2017-373

GCVE-VVD-MAGEIA-2017-373
Advisory Published
Vulnetix · Advisory published October 18, 2017
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters. (CVE-2017-13720) In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. (CVE-2017-13722)

Affected Products

VendorProductVersionsPlatforms
Mageialibxfont0 (affected), 1.5.1-1.1.mga5 (unaffected)
Mageialibxfont0 (affected), 1.5.2-1.1.mga6 (unaffected)
Mageialibxfont20 (affected), 2.0.1-4.1.mga6 (unaffected)

Browse GCVE Records

78,914 records in the GCVE database · Updated July 13, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›