
Find real vulnerabilities before they ship
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters.
Base Score
7.1| Base Score | 7.1 |
|---|---|
| Vector String | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
| Base Severity | High |
| Version | 3.0 |
| Attack Vector (AV) | LOCAL |