Total vulnerabilities in the database
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
| Software | From | Fixed in |
|---|---|---|
| canonical / ubuntu_linux | 13.10 | 13.10.x |
| canonical / ubuntu_linux | 12.10 | 12.10.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| canonical / ubuntu_linux | 12.04 | 12.04.x |
| canonical / ubuntu_linux | 10.04 | 10.04.x |
| x / libxfont | - | 1.4.7.x |
| x / libxfont | 1.4.4 | 1.4.4.x |
| x / libxfont | 1.2.7 | 1.2.7.x |
| x / libxfont | 1.2.6 | 1.2.6.x |
| x / libxfont | 1.3.3 | 1.3.3.x |
| x / libxfont | 1.3.2 | 1.3.2.x |
| x / libxfont | 1.3.4 | 1.3.4.x |
| x / libxfont | 1.3.1 | 1.3.1.x |
| x / libxfont | 1.4.0 | 1.4.0.x |
| x / libxfont | 1.2.4 | 1.2.4.x |
| x / libxfont | 1.4.99 | 1.4.99.x |
| x / libxfont | 1.2.9 | 1.2.9.x |
| x / libxfont | 1.4.1 | 1.4.1.x |
| x / libxfont | 1.4.6 | 1.4.6.x |
| x / libxfont | 1.2.3 | 1.2.3.x |
| x / libxfont | 1.2.5 | 1.2.5.x |
| x / libxfont | 1.2.8 | 1.2.8.x |
| x / libxfont | 1.4.5 | 1.4.5.x |
| x / libxfont | 1.3.0 | 1.3.0.x |
| x / libxfont | 1.4.2 | 1.4.2.x |
| x / libxfont | 1.4.3 | 1.4.3.x |