CVE-2014-0209
libxfont - security update
EPSS 0.17%
Description
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
How to fix CVE-2014-0209
To remediate CVE-2014-0209, upgrade the affected package to a fixed version below.
- Debian/libxfont—upgrade to 1:1.4.7-2 or later
- Debian/libxfont—upgrade to 1:1.4.1-5 or later
Is CVE-2014-0209 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1:1.4.7-2
- from 0, < 1:1.4.1-5