Description
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
References (8)
Core 8
Core References
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2017/11/28/7
Issue Tracking, Tool Signature, VDB Entry x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1050459
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3500-1
Patch, Third Party Advisory mailing-list
x_refsource_mlist
https://marc.info/?l=freedesktop-xorg-announce&m=151188044218304&w=2
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201801-10
Patch, Third Party Advisory mailing-list
x_refsource_mlist
https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2
Third Party Advisory x_refsource_misc
http://security.cucumberlinux.com/security/details.php?id=155
Issue Tracking, Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/01/msg00028.html
Scores
CVSS v3
5.5
EPSS
0.0042
EPSS Percentile
33.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-59
Status
published
Products (7)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
17.04
canonical/ubuntu_linux
17.10
debian/debian_linux
8.0
debian/debian_linux
9.0
x/libxfont
1.0.0 - 1.5.4
Published
Dec 01, 2017
Tracked Since
Feb 18, 2026