A buffer overflow was discovered in the PCF font parser, potentially resulting in the execution of arbitrary code.
Package | x11-libs/libXfont on all architectures |
---|---|
Affected versions | < 1.2.0-r1 |
Unaffected versions | >= 1.2.0-r1 |
libXfont is the X.Org Xfont library, some parts are based on the FreeType code base.
Several integer overflows have been found in the PCF font parser.
A local attacker could possibly execute arbitrary code or crash the Xserver by enticing a user to load a specially crafted PCF font file.
Do not use untrusted PCF Font files.
All libXfont users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.0-r1"
Release date
September 06, 2006
Latest revision
September 06, 2006: 01
Severity
normal
Exploitable
local
Bugzilla entries