{"vuid":"VU#203220","idnumber":"203220","name":"X.Org PCF font parser buffer overflow","keywords":["X.Org","X Window System","buffer overflow","DoS","denial of service","PCF font"],"overview":"A vulnerability in the X.Org server could allow a remote attacker to execute arbitrary code on an affected system.","clean_desc":"The X.Org project provides an open source implementation of the X Window System. The server supports bitmapped fonts in various formats, including Portable Compiled Font (PCF) format. A flaw exists in the handling of PCF fonts where the difference between lastCol and firstCol in the PCF_BDF_ENCODINGS table is greater than 255. An attacker with the ability to cause the X server to open a specially crafted PCF font file could cause a buffer overflow in the X server.","impact":"A remote attacker with an established, authenticated connection to the X server could execute arbitrary code with the privileges of the X server or cause the server to crash.","resolution":"Upgrade or apply a patch from the vendor Patches and updated versions of the software have been released to address this issue. Please see the Systems Affected section of this document for more information. Users who compile their X.Org system from the original source distribution should review the X.Org security advisory of January 17th, 2008","workarounds":"","sysaffected":"","thanks":"Thanks to Takuya Shiozaki working through JPCERT/CC for reporting this vulnerability.","author":"This document was written by Chad R Dougherty.","public":["h","t","t","p",":","/","/","l","i","s","t","s",".","f","r","e","e","d","e","s","k","t","o","p",".","o","r","g","/","a","r","c","h","i","v","e","s","/","x","o","r","g","/","2","0","0","8","-","J","a","n","u","a","r","y","/","0","3","1","9","1","8",".","h","t","m","l"],"cveids":["CVE-2008-0006"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-12-12T14:18:16Z","publicdate":"2008-01-17T00:00:00Z","datefirstpublished":"2008-03-19T14:53:35Z","dateupdated":"2008-03-19T14:54:10Z","revision":9,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"15","cam_impact":"19","cam_easeofexploitation":"6","cam_attackeraccessrequired":"15","cam_scorecurrent":"11.5425","cam_scorecurrentwidelyknown":"11.5425","cam_scorecurrentwidelyknownexploited":"21.16125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":11.5425,"vulnote":null}