CVE-2004-0084

XFree86 4.1.0-4.3.0 - Authenticated Buffer Overflow via Malformed Font Alias File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0084. PoCs published by Greg MacManus.

AI-analyzed exploit summary This exploit leverages a local buffer overflow in XFree86's font.alias file parsing to potentially gain root privileges. It creates a malicious fonts.alias file with a long string to trigger the overflow when the X server processes it.

Description

Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Greg MacManus · textdoslinux
https://www.exploit-db.com/exploits/23690

This exploit leverages a local buffer overflow in XFree86's font.alias file parsing to potentially gain root privileges. It creates a malicious fonts.alias file with a long string to trigger the overflow when the X server processes it.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: XFree86 X Windows system
No auth needed
Prerequisites: Local access to the system · Ability to write files in a directory accessible by the X server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (18)

Core 18
Core References
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2004_06_xf86.html
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/667502
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-060.html
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15200
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807
Mailing List vendor-advisory x_refsource_fedora
http://marc.info/?l=bugtraq&m=110979666528890&w=2
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2004/dsa-443
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107662833512775&w=2
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9652
Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-059.html
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-061.html

Scores

EPSS 0.2486
EPSS Percentile 97.6%

Details

Status published
Products (8)
openbsd/openbsd 3.3
openbsd/openbsd 3.4
xfree86_project/x11r6 4.1.0
xfree86_project/x11r6 4.1.11
xfree86_project/x11r6 4.1.12
xfree86_project/x11r6 4.2.0
xfree86_project/x11r6 4.2.1 (2 CPE variants)
xfree86_project/x11r6 4.3.0
Published Mar 03, 2004
Tracked Since Feb 18, 2026