CVE-2017-13720 in libXfontinfo

Summary

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

08/28/2017

Disclosure

10/11/2017

Moderation

VulDB entry created

Entries

1: VDB-107764

CPE

ready

CWE

CWE-125 (Confirmed)

CVSS

6.2

EPSS

0.00063

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-13720
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-13720
CVE Details	https://www.cvedetails.com/cve/CVE-2017-13720/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!