Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a (1) FS_QueryXExtents8 or (2) FS_QueryXBitmaps8 packet, and possibly other types of packets, with a large num_ranges value, which causes an out-of-bounds array access.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
xfstt远程拒绝服务攻击漏洞
Vulnerability Description
X Fontserver Truetype fonts用于对TrueType字体进行解析。 xfstt由于不正确处理用户提交的恶意包,远程攻击者可以利用这个漏洞触发缓冲区溢出,进行拒绝服务攻击。 问题存在于xfstt.cc文件中的working()函数调用中,对来自外部接收到的数据缺少充分边界缓冲区检查,攻击者发送包含超大'req->num_ranges'值的包给xfstt服务器,可导致触发缓冲区溢出,也可能以xfstt进程权限在系统上执行任意指令。
CVSS Information
N/A
Vulnerability Type
N/A