X.Org Security Advisory: January 7, 2014 - CVE-2013-6462 Stack buffer overflow in parsing of BDF font files in libXfont ============================================================== Description: ============ Scanning of the libXfont sources with the cppcheck static analyzer included a report of: [lib/libXfont/src/bitmap/bdfread.c:341]: (warning) scanf without field width limits can crash with huge input data. Evaluation of this report by X.Org developers concluded that a BDF font file containing a longer than expected string could overflow the buffer on the stack. Testing in X servers built with Stack Protector resulted in an immediate crash when reading a user-provided specially crafted font.
libXfont-1.4.7 has been committed which fixes the issue, and can be stabilized if no serious issues are reported with it.
No problems reported so far. Arches, please stabilize =x11-libs/libXfont-1.4.7
Stable for HPPA.
ia64 stable
arm stable
amd64 stable
x86 stable
ppc64 stable
ppc stable
alpha stable
sparc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Vulnerable versions have been removed.
added to existing glsa request
CVE-2013-6462 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6462): Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.
This issue was resolved and addressed in GLSA 201402-23 at http://security.gentoo.org/glsa/glsa-201402-23.xml by GLSA coordinator Chris Reffett (creffett).