CVE-2017-13722 - OpenCVE

In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
X.org	Libxfont

Configuration 1 [-]

OR	cpe:2.3:a:x.org:libxfont::::::::
	cpe:2.3:a:x.org:libxfont:2.0.0:::::::*
	cpe:2.3:a:x.org:libxfont:2.0.1:::::::*

References

Link	Resource
http://www.debian.org/security/2017/dsa-3995
https://bugzilla.redhat.com/show_bug.cgi?id=1500693	Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1049692	Issue Tracking
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd	Patch Third Party Advisory
https://security.gentoo.org/glsa/201711-08
https://www.x.org/releases/individual/lib/libXfont2-2.0.2.tar.bz2	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-11T17:00:00

Updated: 2017-11-12T10:57:01

Reserved: 2017-08-28T00:00:00

Link: CVE-2017-13722

JSON object: View

NVD Information

Status : Modified

Published: 2017-10-11T17:29:00.350

Modified: 2017-11-13T02:29:02.430

Link: CVE-2017-13722

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-11T00:00:00", "descriptions": [{"lang": "en", "value": "In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-12T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd"}, {"name": "DSA-3995", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3995"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.x.org/releases/individual/lib/libXfont2-2.0.2.tar.bz2"}, {"name": "GLSA-201711-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201711-08"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500693"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1049692"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-13722", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd", "refsource": "CONFIRM", "url": "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd"}, {"name": "DSA-3995", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3995"}, {"name": "https://www.x.org/releases/individual/lib/libXfont2-2.0.2.tar.bz2", "refsource": "CONFIRM", "url": "https://www.x.org/releases/individual/lib/libXfont2-2.0.2.tar.bz2"}, {"name": "GLSA-201711-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-08"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1500693", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500693"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1049692", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1049692"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-13722", "datePublished": "2017-10-11T17:00:00", "dateReserved": "2017-08-28T00:00:00", "dateUpdated": "2017-11-12T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x.org:libxfont:*:*:*:*:*:*:*:*", "matchCriteriaId": "94159B28-552B-449D-BAD5-AED275362D64", "versionEndIncluding": "1.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:x.org:libxfont:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B9D9133B-6806-4947-B43F-F13FE6FA1FE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:x.org:libxfont:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "93F2E32E-A188-4EB6-929D-CF74271011C1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server."}, {"lang": "es", "value": "En la funci\u00f3n pcfGetProperties en bitmap/pcfread.c en libXfont, en versiones hasta la 1.5.2 y versiones 2.x hasta la 2.0.2, atacantes autenticados en un servidor X podr\u00edan utilizar la falta de una comprobaci\u00f3n de l\u00edmites (para archivos PCF) para llevar a cabo una sobrelectura de b\u00fafer con el fin de conseguir que se produzca una revelaci\u00f3n de informaci\u00f3n o un cierre inesperado del servidor X."}], "id": "CVE-2017-13722", "lastModified": "2017-11-13T02:29:02.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-11T17:29:00.350", "references": [{"source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3995"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500693"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1049692"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201711-08"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.x.org/releases/individual/lib/libXfont2-2.0.2.tar.bz2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}