Multiple integer overflow vulnerabilities in X.Org libXfont
ID: oval:org.secpod.oval:def:21515 | Date: (C)2014-10-30 (M)2023-12-07 |
Class: VULNERABILITY | Family: unix |
The host has libXfont before 1.4.8 or 1.4.9x before 1.4.99.901 installed and is prone to multiple integer overflow vulnerabilities. The flaws are present in the library, which fails to properly handle font metadata. Successful exploitation could allow attackers to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow.
Platform: |
Red Hat Enterprise Linux 5 |
Red Hat Enterprise Linux 6 |