libXfont.so is vulnerable to denial of service (DoS) attack. The PatternMatch
function in fontfile/fontdir.c
does not handle the case when a pattern contains the ?
character, skipping characters characters such as the NULL character or \0
in the string and eventually crashing when invalid memory is accessed during pattern matching.
CPE | Name | Operator | Version |
---|---|---|---|
libxfont.so | eq | 1.4.1 |