CVE ID: CVE-2011-2895
libXfont contains a compress / LZW decompressor implementation based
on the original BSD compress code. A specially crafted LZW stream can
cause a buffer overflow in an application using libXfont that is used
to open untrusted font files, such as the X server (often run with
elevated privileges) when a client adds a local directory to the font
path. Successful exploitation may possibly lead to a local privilege
This is fixed in libXfont-1.4.4. Please add arches as you see fit.
Arches, please stabilize x11-libs/libXfont-1.4.4
take a look at bug 378875
(In reply to comment #2)
> take a look at bug 378875
amd64 ok with exception for bug that I've posted
Stable for HPPA.
amd64 done. Thanks Agostino
Arch tested on x86, all good here ...
Created attachment 283373
x86 stable, thanks David
Thanks, folks. GLSA request filed.
The LZW decompressor in (1) the BufCompressedFill function in
fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2)
compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8,
FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1,
FreeType 2.1.9, and other products, does not properly handle code words that
are absent from the decompression table when encountered, which allows
context-dependent attackers to trigger an infinite loop or a heap-based
buffer overflow, and possibly execute arbitrary code, via a crafted
compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
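The missing check described in the CVE text above, shown in an added example that is not libXfont's or BSD compress's code: a simplified LZW decoder that rejects code words absent from the table and bounds every write. It assumes codes are already split into 16-bit values, a 12-bit table and no clear code; all names and the sample streams are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define FIRST   256   /* codes 0..255 are literal bytes */
#define MAXCODE 4096  /* assumed 12-bit table limit */
/* Decode n pre-split LZW codes into out[cap].
 * Returns bytes written, or -1 for a malformed stream or full buffer. */
long lzw_decode(const uint16_t *codes, size_t n, uint8_t *out, size_t cap)
{
    uint16_t prefix[MAXCODE];
    uint8_t suffix[MAXCODE], stack[MAXCODE], finchar = 0;
    int free_ent = FIRST, old = -1;
    size_t w = 0;
    for (size_t i = 0; i < n; i++) {
        int code = codes[i], in = code;
        size_t sp = 0;
        if (old == -1) {
            if (code >= FIRST) return -1;   /* first code must be a literal */
        } else if (code >= free_ent) {
            /* Only code == free_ent is legal (the KwKwK case). A larger
             * code names a table slot that was never written. */
            if (code > free_ent || free_ent >= MAXCODE) return -1;
            stack[sp++] = finchar;
            code = old;
        }
        while (code >= FIRST) {             /* unwind the prefix chain */
            if (sp >= sizeof stack - 1) return -1;
            stack[sp++] = suffix[code];
            code = prefix[code];
        }
        stack[sp++] = finchar = (uint8_t)code;
        if (sp > cap - w) return -1;        /* never write past out[] */
        while (sp) out[w++] = stack[--sp];
        if (old != -1 && free_ent < MAXCODE) {  /* define the next entry */
            prefix[free_ent] = (uint16_t)old;
            suffix[free_ent++] = finchar;
        }
        old = in;
    }
    return (long)w;
}

int main(void)
{
    /* constructed sample streams: "ABABABA", and one with an undefined code */
    const uint16_t ok[] = {65, 66, 256, 258}, bad[] = {65, 66, 300};
    uint8_t out[16];
    printf("%ld %ld\n", lzw_decode(ok, 4, out, 16), lzw_decode(bad, 3, out, 16));
    return 0;
}
```

Because every stored prefix is smaller than the entry that holds it, the prefix chain always terminates once undefined codes are rejected, which addresses both the infinite loop and the overflow named in the description.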
This issue was resolved and addressed in
GLSA 201402-23 at http://security.gentoo.org/glsa/glsa-201402-23.xml
by GLSA coordinator Chris Reffett (creffett).