CVE-2017-13720

CVE-2017-13720

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because ‘{$content}’ characters are incorrectly skipped in situations involving ? characters.

Source: CVE-2017-13720

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다