What is the severity of CVE-2014-0211?

CVE-2014-0211 has a high severity rating due to its potential for remote code execution through crafted font server replies.

How do I fix CVE-2014-0211?

To fix CVE-2014-0211, upgrade to libXfont version 1.4.8 or later.

Which software is affected by CVE-2014-0211?

CVE-2014-0211 affects X.Org libXfont versions prior to 1.4.8 and various Ubuntu Linux distributions including versions 10.04 to 14.04.

What types of applications are at risk from CVE-2014-0211?

Applications that utilize X.Org libXfont for font rendering are at risk from CVE-2014-0211.

Can CVE-2014-0211 be exploited remotely?

Yes, CVE-2014-0211 can be exploited remotely via crafted replies from vulnerable font servers.

Vulnerability/
CVE-2014-0211

high

7.5

CWE

189 119 190

15/5/2014

12/4/2025

CVE-2014-0211: Buffer Overflow

First published: Thu May 15 2014(Updated: )

Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Ubuntu	=10.04
Ubuntu	=12.04
Ubuntu	=12.10
Ubuntu	=13.10
Ubuntu	=14.04
Red Hat Libxfont	<=1.4.7
Red Hat Libxfont	=1.2.3
Red Hat Libxfont	=1.2.4
Red Hat Libxfont	=1.2.5
Red Hat Libxfont	=1.2.6
Red Hat Libxfont	=1.2.7
Red Hat Libxfont	=1.2.8
Red Hat Libxfont	=1.2.9
Red Hat Libxfont	=1.3.0
Red Hat Libxfont	=1.3.1
Red Hat Libxfont	=1.3.2
Red Hat Libxfont	=1.3.3
Red Hat Libxfont	=1.3.4
Red Hat Libxfont	=1.4.0
Red Hat Libxfont	=1.4.1
Red Hat Libxfont	=1.4.2
Red Hat Libxfont	=1.4.3
Red Hat Libxfont	=1.4.4
Red Hat Libxfont	=1.4.5
Red Hat Libxfont	=1.4.6
Red Hat Libxfont	=1.4.99
	=10.04
	=12.04
	=12.10
	=13.10
	=14.04
	<=1.4.7
	=1.2.3
	=1.2.4
	=1.2.5
	=1.2.6
	=1.2.7
	=1.2.8
	=1.2.9
	=1.3.0
	=1.3.1
	=1.3.2
	=1.3.3
	=1.3.4
	=1.4.0
	=1.4.1
	=1.4.2
	=1.4.3
	=1.4.4
	=1.4.5
	=1.4.6
	=1.4.99

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-0211?
CVE-2014-0211 has a high severity rating due to its potential for remote code execution through crafted font server replies.
How do I fix CVE-2014-0211?
To fix CVE-2014-0211, upgrade to libXfont version 1.4.8 or later.
Which software is affected by CVE-2014-0211?
CVE-2014-0211 affects X.Org libXfont versions prior to 1.4.8 and various Ubuntu Linux distributions including versions 10.04 to 14.04.
What types of applications are at risk from CVE-2014-0211?
Applications that utilize X.Org libXfont for font rendering are at risk from CVE-2014-0211.
Can CVE-2014-0211 be exploited remotely?
Yes, CVE-2014-0211 can be exploited remotely via crafted replies from vulnerable font servers.

agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/author
agent/severity
agent/weakness
agent/description
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/event
vendor/canonical
canonical/ubuntu
version/ubuntu/10.04
version/ubuntu/12.04
version/ubuntu/12.10
version/ubuntu/13.10
version/ubuntu/14.04
vendor/x
canonical/red hat libxfont
version/red hat libxfont/1.4.7
version/red hat libxfont/1.2.3
version/red hat libxfont/1.2.4
version/red hat libxfont/1.2.5
version/red hat libxfont/1.2.6
version/red hat libxfont/1.2.7
version/red hat libxfont/1.2.8
version/red hat libxfont/1.2.9
version/red hat libxfont/1.3.0
version/red hat libxfont/1.3.1
version/red hat libxfont/1.3.2
version/red hat libxfont/1.3.3
version/red hat libxfont/1.3.4
version/red hat libxfont/1.4.0
version/red hat libxfont/1.4.1
version/red hat libxfont/1.4.2
version/red hat libxfont/1.4.3
version/red hat libxfont/1.4.4
version/red hat libxfont/1.4.5
version/red hat libxfont/1.4.6
version/red hat libxfont/1.4.99