Another X.Org Security Advisory Disclosed Today

Security researcher Ilja van Sprundel previously characterized the X.Org security scene as being a disaster. This researcher at IOActive has previously reported a large number of X.Org security issues and today is yet another advisory thanks to Ilja.

This newest X.Org Security Advisory is for another long-standing issue that dates back to its introduction in X11R5. If there's any good out of it, this advisory just affects the libXfont library that no longer is too widely-used, albeit still developed.

This libXfont issue could allow attackers to execute privileges with the same rights as the X.Org Server, which is generally root. The advisory reads:

Ilja van Sprundel, a security researcher with IOActive, has discovered an issue in the parsing of BDF font files by libXfont. Additional testing by Alan Coopersmith and William Robinet with the American Fuzzy Lop (afl) tool uncovered two more issues in the parsing of BDF font files.

As libXfont is used by the X server to read font files, and an unprivileged user with access to the X server can tell the X server to read a given font file from a path of their choosing, these vulnerabilities have the potential to allow unprivileged users to run code with the privileges of the X server (often root access).

The resulting CVEs are "CVE-2015-1802: bdfReadProperties: property count needs range check", "CVE-2015-1803: bdfReadCharacters: bailout if a char's bitmap cannot be read", and "CVE-2015-1804: bdfReadCharacters: ensure metrics fit into xCharInfo struct."