CVE-2008-0006

Description

Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.

How to fix CVE-2008-0006

To remediate CVE-2008-0006, upgrade the affected package to a fixed version below.

• Debian/libxfont—upgrade to 1:1.3.1-2 or later
• Debian/xorg-server—upgrade to 2:1.4.1~git20080105-2 or later

Is CVE-2008-0006 being exploited?

Moderate — EPSS is 27.6%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

• from 0, < 1:1.3.1-2
• from 0, < 2:1.4.1~git20080105-2

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-0006