CVE-2004-0083

XFree86 4.1.0-4.3.0 - Buffer Overflow in ReadFontAlias via Long Token

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0083. PoCs published by [email protected].

AI-analyzed exploit summary This exploit targets a local buffer overflow in XFree86's font.alias file parsing to achieve privilege escalation. It crafts malicious font files and executes X11 with a manipulated environment to trigger the overflow and execute shellcode.

Description

Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.

Exploits (1)

exploitdb WORKING POC VERIFIED
by [email protected] · clocallinux
https://www.exploit-db.com/exploits/23682

This exploit targets a local buffer overflow in XFree86's font.alias file parsing to achieve privilege escalation. It crafts malicious font files and executes X11 with a manipulated environment to trigger the overflow and execute shellcode.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: XFree86 X Windows system
No auth needed
Prerequisites: Local access to the target system · Ability to write files to /tmp
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (21)

Core 21
Core References
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2004_06_xf86.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-060.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15130
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9636
Vendor Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200402-02.xml
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107644835523678&w=2
Mailing List vendor-advisory x_refsource_fedora
http://marc.info/?l=bugtraq&m=110979666528890&w=2
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2004/dsa-443
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806
Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-059.html
Vendor Advisory x_refsource_confirm
http://www.xfree86.org/cvs/changes
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/820006
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107653324115914&w=2
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-061.html

Scores

EPSS 0.2117
EPSS Percentile 97.3%

Details

Status published
Products (8)
openbsd/openbsd 3.3
openbsd/openbsd 3.4
xfree86_project/x11r6 4.1.0
xfree86_project/x11r6 4.1.11
xfree86_project/x11r6 4.1.12
xfree86_project/x11r6 4.2.0
xfree86_project/x11r6 4.2.1 (2 CPE variants)
xfree86_project/x11r6 4.3.0
Published Mar 03, 2004
Tracked Since Feb 18, 2026