{"id":"USN-2211-1","summary":"libxfont vulnerabilities","details":"Ilja van Sprundel discovered that libXfont incorrectly handled font\nmetadata file parsing. A local attacker could use this issue to cause\nlibXfont to crash, or possibly execute arbitrary code in order to gain\nprivileges. (CVE-2014-0209)\n\nIlja van Sprundel discovered that libXfont incorrectly handled X Font\nServer replies. A malicious font server could return specially-crafted data\nthat could cause libXfont to crash, or possibly execute arbitrary code.\nThis issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10\nand Ubuntu 13.10. (CVE-2014-0210, CVE-2014-0211)\n","modified":"2026-04-22T08:52:10.012050Z","published":"2014-05-14T14:20:12Z","related":["UBUNTU-CVE-2014-0209"],"upstream":["CVE-2014-0209","CVE-2014-0210","CVE-2014-0211","UBUNTU-CVE-2014-0209","UBUNTU-CVE-2014-0210","UBUNTU-CVE-2014-0211"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2211-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0209"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0210"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0211"}],"affected":[{"package":{"name":"libxfont","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/libxfont@1:1.4.7-1ubuntu0.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.4.7-1ubuntu0.1"}]}],"versions":["1:1.4.6-1","1:1.4.6-1ubuntu1","1:1.4.7-1"],"ecosystem_specific":{"binaries":[{"binary_version":"1:1.4.7-1ubuntu0.1","binary_name":"libxfont1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2211-1.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-0209"}]}}}],"schema_version":"1.7.5"}