CVE-2014-0209

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.

Published: May 15, 2014
Updated: Nov 9, 2025
CVE: CVE-2014-0209
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-189

Affected Software
References

Software	From	Fixed in
x / libxfont	-	1.4.7.x
x / libxfont	1.4.4	1.4.4.x
x / libxfont	1.2.7	1.2.7.x
x / libxfont	1.2.6	1.2.6.x
x / libxfont	1.3.3	1.3.3.x
x / libxfont	1.3.2	1.3.2.x
x / libxfont	1.3.4	1.3.4.x
x / libxfont	1.3.1	1.3.1.x
x / libxfont	1.4.0	1.4.0.x
x / libxfont	1.2.4	1.2.4.x
x / libxfont	1.4.99	1.4.99.x
x / libxfont	1.2.9	1.2.9.x
x / libxfont	1.4.1	1.4.1.x
x / libxfont	1.4.6	1.4.6.x
x / libxfont	1.2.3	1.2.3.x
x / libxfont	1.2.5	1.2.5.x
x / libxfont	1.2.8	1.2.8.x
x / libxfont	1.4.5	1.4.5.x
x / libxfont	1.3.0	1.3.0.x
x / libxfont	1.4.2	1.4.2.x
x / libxfont	1.4.3	1.4.3.x
canonical / ubuntu_linux	13.10	13.10.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	10.04	10.04.x

Vulnerability Database

300,444

CVE-2014-0209

Deep Security Visibility Without the Complexity