CVSS2: 3.6 Low
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

CVSS3: 7.1 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score: 6.5 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 26.7%)

Package : libxfont
Version : 1:1.4.5-5+deb7u1
CVE IDs : CVE-2017-13720 CVE-2017-13722
It was discovered that there were two vulnerabilities in libxfont, the
library providing font selection and rasterisation:

CVE-2017-13720: If a pattern contained a '?' character, any character
in the string was skipped, even if it was a '\0'. The rest of the
matching then read invalid memory.

CVE-2017-13722: A malformed PCF file could cause the library to make
reads from random heap memory that was behind the strings buffer,
leading to an application crash or an information leak.

For Debian 7 "Wheezy", these issues have been fixed in libxfont version
1:1.4.5-5+deb7u1.
We recommend that you upgrade your libxfont packages.
Regards,
Chris Lamb
chris-lamb.co.uk
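
The '?' handling described above for CVE-2017-13720, as an added example that is not libxfont's code: a simplified glob matcher in which every read is index-checked, so the walk past the terminator is reported instead of performed. The names `glob_at`, `glob_flawed`, `glob_fixed` and the result codes are hypothetical, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>
enum { NO_MATCH = 0, MATCH = 1, OVERREAD = -1 };  /* hypothetical result codes */

/*
 * Simplified glob matcher: '?' = any one character, '*' = any run.
 * buf holds size bytes (the string plus its '\0'). The index is checked
 * before each read, so leaving the buffer yields OVERREAD instead of
 * touching memory outside it.
 */
static int glob_at(const char *pat, const char *buf, size_t size,
                   size_t i, int hardened)
{
    for (;; pat++) {
        if (i >= size)
            return OVERREAD;            /* index left the buffer */
        switch (*pat) {
        case '\0':
            return buf[i] == '\0' ? MATCH : NO_MATCH;
        case '*':                       /* try each remaining suffix */
            for (;; i++) {
                int r = glob_at(pat + 1, buf, size, i, hardened);
                if (r != NO_MATCH)
                    return r;           /* MATCH or OVERREAD */
                if (buf[i] == '\0')
                    return NO_MATCH;
            }
        case '?':
            if (hardened && buf[i] == '\0')
                return NO_MATCH;        /* nothing left to consume */
            i++;                        /* flawed form steps over '\0' too */
            break;
        default:
            if (buf[i] != *pat)
                return NO_MATCH;
            i++;
            break;
        }
    }
}

int glob_flawed(const char *p, const char *s) { return glob_at(p, s, strlen(s) + 1, 0, 0); }
int glob_fixed(const char *p, const char *s)  { return glob_at(p, s, strlen(s) + 1, 0, 1); }

int main(void)
{
    /* Constructed input: the pattern asks for one more character than exists. */
    printf("flawed: %d  fixed: %d\n", glob_flawed("ab?", "ab"), glob_fixed("ab?", "ab"));
    return 0;
}
```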
OS | OS Version | Architecture | Package | Affected Version | Fixed Package Filename |
---|---|---|---|---|---|
Debian | 7 | amd64 | libxfont-dev | < 1:1.4.5-5+deb7u1 | libxfont-dev_1:1.4.5-5+deb7u1_amd64.deb |
Debian | 7 | armhf | libxfont-dev | < 1:1.4.5-5+deb7u1 | libxfont-dev_1:1.4.5-5+deb7u1_armhf.deb |
Debian | 7 | i386 | libxfont-dev | < 1:1.4.5-5+deb7u1 | libxfont-dev_1:1.4.5-5+deb7u1_i386.deb |
Debian | 7 | armel | libxfont-dev | < 1:1.4.5-5+deb7u1 | libxfont-dev_1:1.4.5-5+deb7u1_armel.deb |
Debian | 7 | armhf | libxfont1-udeb | < 1:1.4.5-5+deb7u1 | libxfont1-udeb_1:1.4.5-5+deb7u1_armhf.deb |
Debian | 7 | amd64 | libxfont1 | < 1:1.4.5-5+deb7u1 | libxfont1_1:1.4.5-5+deb7u1_amd64.deb |
Debian | 7 | armel | libxfont1-udeb | < 1:1.4.5-5+deb7u1 | libxfont1-udeb_1:1.4.5-5+deb7u1_armel.deb |
Debian | 7 | i386 | libxfont1-udeb | < 1:1.4.5-5+deb7u1 | libxfont1-udeb_1:1.4.5-5+deb7u1_i386.deb |
Debian | 7 | armel | libxfont1 | < 1:1.4.5-5+deb7u1 | libxfont1_1:1.4.5-5+deb7u1_armel.deb |
Debian | 7 | i386 | libxfont1 | < 1:1.4.5-5+deb7u1 | libxfont1_1:1.4.5-5+deb7u1_i386.deb |