oss-sec mailing list archives
Fwd: X.Org Security Advisory: CVE-2013-6462: Stack buffer overflow in parsing of BDF font files in libXfont
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Tue, 07 Jan 2014 08:47:29 -0800
--- Begin Message ---
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Tue, 7 Jan 2014 08:43:23 -0800
X.Org Security Advisory: January 7, 2014 - CVE-2013-6462
Stack buffer overflow in parsing of BDF font files in libXfont
==============================================================

Description:
============

Scanning of the libXfont sources with the cppcheck static analyzer included a report of:

[lib/libXfont/src/bitmap/bdfread.c:341]: (warning) scanf without field width limits can crash with huge input data.

Evaluation of this report by X.Org developers concluded that a BDF font file containing a longer than expected string could overflow the buffer on the stack. Testing in X servers built with Stack Protector resulted in an immediate crash when reading a user-provided specially crafted font.

As libXfont is used to read user-specified font files in all X servers distributed by X.Org, including the Xorg server which is often run with root privileges or as setuid-root in order to access hardware, this bug may lead to an unprivileged user acquiring root privileges in some systems.

Affected Versions
=================

This bug appears to have been introduced in the initial RCS version 1.1 checked in on 1991/05/10, and is thus believed to be present in every X11 release starting with X11R5 up to the current libXfont 1.4.6. (Manual inspection shows it is present in the sources from the X11R5 tarballs, but not in those from the X11R4 tarballs.)

Fixes
=====

A fix is available via the attached patch, which is also included in libXfont 1.4.7, released today, and available in the libXfont git repo:

http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=4d024ac10f964f6bd372ae0dd14f02772a6e5f63

Thanks
======

X.Org thanks the authors of the cppcheck tool for making their static analyzer available as an open source project we can all benefit from.

http://cppcheck.sourceforge.net/

--
-Alan Coopersmith- alan.coopersmith () oracle com
X.Org Security Response Team - xorg-security () lists x org

Attachment: 0001-CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.patch
--- End Message ---
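The defect class the advisory describes (an unbounded `%s` conversion filling a fixed-size stack buffer) and the shape of the fix (a field width in the format string) as an added C example; this is illustrative code written for this page, not the libXfont source or the attached patch. The `STARTCHAR <name>` line, the 64-byte buffer size and the function names are assumptions chosen for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size stack buffer for a glyph name; 64 is an illustrative size chosen
 * for this example, not the constant libXfont uses. "%63s" below must stay
 * one less than this value. */
#define BDF_NAME_MAX 64

/* Vulnerable shape, for reference only (never called here):
 *     char name[BDF_NAME_MAX];
 *     sscanf(line, "STARTCHAR %s", name);
 * "%s" has no field width, so a name longer than 63 bytes runs past the end
 * of name[] on the stack: the defect class reported for CVE-2013-6462. */

/* Hardened parse of a BDF "STARTCHAR <name>" line (constructed format).
 * Returns 1 and fills name on success; 0 if the line does not match or the
 * name would not fit (over-long names are rejected rather than truncated). */
int bdf_parse_startchar(const char *line, char name[BDF_NAME_MAX])
{
    int consumed = 0;
    /* "%63s" caps the copy at 63 bytes plus NUL; "%n" records how much input
     * was consumed so we can see whether the token continued past the cap. */
    if (sscanf(line, "STARTCHAR %63s%n", name, &consumed) != 1)
        return 0;
    if (line[consumed] != '\0' && !isspace((unsigned char)line[consumed]))
        return 0;                       /* token longer than the buffer */
    return 1;
}

/* Constructed probe: a STARTCHAR line whose name is n bytes of 'A'.
 * Returns the parser's verdict, or -1 if n does not fit the probe buffer. */
int bdf_startchar_accepts_len(size_t n)
{
    char line[512];
    char name[BDF_NAME_MAX];
    if (n > sizeof line - 11)           /* "STARTCHAR " + name + NUL */
        return -1;
    memcpy(line, "STARTCHAR ", 10);
    memset(line + 10, 'A', n);
    line[10 + n] = '\0';
    return bdf_parse_startchar(line, name);
}

int main(void)
{
    /* Constructed sample lines, not taken from a real font file. */
    printf("63-byte name accepted: %d\n", bdf_startchar_accepts_len(63));
    printf("64-byte name accepted: %d\n", bdf_startchar_accepts_len(64));
    return 0;
}
```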