CVE-2015-1804
Public on 2015-03-20
Modified on 2015-09-22
Description
An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server.
Severity
CVSS v3 Base Score
See breakdown
Affected Packages
Platform | Package | Release Date | Advisory | Status |
---|---|---|---|---|
Amazon Linux 1 | libXfont | 2015-09-22 | ALAS-2015-597 | Fixed |
CVSS Scores
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 6.9 | AV:L/AC:M/Au:N/C:C/I:C/A:C |
NVD | CVSSv2 | 8.5 | AV:N/AC:M/Au:S/C:C/I:C/A:C |