Displaying 3 results from an estimated 3 matches for "bdfreadproperti".
Did you mean:
bdfreadproperties
2015 Mar 17
0
[ANNOUNCE] libXfont 1.5.1
...visory
about BDF font parsing bugs. Like libXfont 1.5.0, it requires fontsproto
2.1.3 or later and will not build cleanly with older versions.
Alan Coopersmith (6):
Remove unneeded checks for #ifndef X_NOT_POSIX
Use 'imdent' to realign cpp indentation levels in fslibos.h
bdfReadProperties: property count needs range check [CVE-2015-1802]
bdfReadCharacters: bailout if a char's bitmap cannot be read [CVE-2015-1803]
bdfReadCharacters: ensure metrics fit into xCharInfo struct [CVE-2015-1804]
libXfont 1.5.1
Christos Zoulas (1):
Set close-on-exec for font fi...
2015 Mar 17
0
[ANNOUNCE] libXfont 1.4.9
This release of libXfont provides the fixes for today's security advisory
about BDF font parsing bugs. Like libXfont 1.4.8, it requires fontsproto
2.1.2 or earlier and will not build cleanly with newer versions.
Alan Coopersmith (4):
bdfReadProperties: property count needs range check [CVE-2015-1802]
bdfReadCharacters: bailout if a char's bitmap cannot be read [CVE-2015-1803]
bdfReadCharacters: ensure metrics fit into xCharInfo struct [CVE-2015-1804]
libXfont 1.4.9
Christos Zoulas (1):
Set close-on-exec for font fi...
2015 Mar 17
0
[ANNOUNCE] X.Org Security Advisory: More BDF file parsing issues in libXfont
...leged
user with access to the X server can tell the X server to read a given font
file from a path of their choosing, these vulnerabilities have the potential
to allow unprivileged users to run code with the privileges of the X server
(often root access).
The vulnerabilities are:
- CVE-2015-1802: bdfReadProperties: property count needs range check
The bdf parser reads a count for the number of properties defined in
a font from the font file, and allocates arrays with entries for each
property based on that count. It never checked to see if that count
was negative, or large enough to overf...