CVE-2014-0209

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.

Date published : 2014-05-15

http://www.securityfocus.com/bid/67382

http://www.securityfocus.com/archive/1/534161/100/0/threaded