1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200609-04 / LibXfont |
| Release Date | September 06, 2006 |
| Latest Revision | September 06, 2006: 01 |
| Impact | normal |
| Exploitable | local |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| x11-libs/libXfont | < 1.2.0-r1 | >= 1.2.0-r1 | All supported architectures |
Related bugreports: #144092
A buffer overflow was discovered in the PCF font parser, potentially resulting in the execution of arbitrary code.
libXfont is the X.Org Xfont library; some parts are based on the FreeType code base.
Several integer overflows have been found in the PCF font parser.
A local attacker could possibly execute arbitrary code or crash the Xserver by enticing a user to load a specially crafted PCF font file.
Do not use untrusted PCF font files.
All libXfont users should upgrade to the latest version:
Code Listing 3.1: Resolution

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.0-r1"
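
The following C example is added here and is not code from libXfont or from this advisory. It illustrates the general bug class the advisory names, an integer overflow in a size computation that becomes a buffer overflow, together with an overflow-safe check of a PCF file's table of contents. The advisory does not say which parser fields were affected; the function names, error codes and sample bytes are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PCF_ENTRY_SIZE 16u  /* type, format, size, offset: four 32-bit LE fields */
enum { PCF_OK = 0, PCF_BAD_MAGIC = -1, PCF_BAD_COUNT = -2, PCF_BAD_RANGE = -3 };

/* Constructed sample: one table entry (size 4 at offset 24) in a 28-byte file. */
static const uint8_t sample_ok[28] = {
    1, 'f', 'c', 'p',  1, 0, 0, 0,
    1, 0, 0, 0,  0, 0, 0, 0,  4, 0, 0, 0,  24, 0, 0, 0,
    0, 0, 0, 0 };

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* A 32-bit size computation on a file-supplied count: the product wraps,
 * so a buffer sized from it is far smaller than the loop that fills it. */
uint32_t naive_toc_bytes(uint32_t count) {
    return count * PCF_ENTRY_SIZE;   /* 0x10000001 entries -> 0x10 bytes */
}

/* Validate the table of contents against the real file length before any
 * allocation or read uses its fields. Division replaces multiplication and
 * subtraction replaces addition, so no intermediate value can wrap. */
int pcf_toc_check(const uint8_t *buf, size_t len) {
    if (len < 8 || memcmp(buf, "\1fcp", 4) != 0)
        return PCF_BAD_MAGIC;
    uint32_t count = rd32le(buf + 4);
    if (count == 0 || count > (len - 8) / PCF_ENTRY_SIZE)
        return PCF_BAD_COUNT;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + 8 + (size_t)i * PCF_ENTRY_SIZE;
        uint32_t size = rd32le(e + 8), offset = rd32le(e + 12);
        if (offset > len || size > len - offset)
            return PCF_BAD_RANGE;
    }
    return PCF_OK;
}

int main(void) {
    printf("sample_ok: %d\n", pcf_toc_check(sample_ok, sizeof sample_ok));
    printf("naive size for 0x10000001 entries: %u\n", (unsigned)naive_toc_bytes(0x10000001u));
    return 0;
}
```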