From Marcus Meissner:

Not sure if you got this report already.

Matthew Barnes of Red Hat reported a freetype2 crash, which Werner Lemberg of freetype2 also thought affects X's own PCF reader.

I confirmed this, my X.Org server crashes as soon as I (as the logged in X user) do:

    xset +fp ~/badfont/
    xfontsel

with a SIGSEGV in strlen().

It is unclear if this problem can be exploited to execute code (it crashes in a strlen() for me), but a crashing X server is not good either.

Werner Lemberg of freetype2 also writes:

"BTW, I've looked into the code of XFree86 4.3.0 (this is what I've unpacked at home), and I see that there's virtually no protection against malformed PCF -- our PCF developer originally took most of the code from xc/lib/font/bitmap/pcfread.c"

Confirmed here.
Created attachment 6230: Bad font that triggers the bug
Created attachment 6231: proposed patch
This has been affected CVE-2006-3467
This is public
Perhaps not all the information is public
Yes it is public
Patch committed