Bugzilla – Bug 7535
Freetype2 pcf font problem also affects libXfont
Last modified: 2006-07-23 14:03:22 UTC
From Marcus Meissner:
Not sure if you got this report already.
Matthew Barnes of Red Hat reported a freetype2 crash, which Werner
Lemberg of freetype2 also thought affects X's own PCF reader.
I confirmed this: my X.Org server crashes as soon as I (as
the logged-in X user) do:
xset +fp ~/badfont/
with a SIGSEGV in strlen().
It is unclear if this problem can be exploited to execute code (it
crashes in a strlen() for me), but a crashing X server is not good either.
Werner Lemberg of freetype2 also writes:
"BTW, I've looked into the code of XFree86 4.3.0 (this is what I've
unpacked at home), and I see that there's virtually no protection against
malformed PCF -- our PCF developer originally took most of the code from
Created attachment 6230
Bad font that triggers the bug
Created attachment 6231
This has been assigned CVE-2006-3467
This is public
Perhaps not all the information is public
Yes it is public