FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libXfont -- possible local privilege escalation

Affected packages
libXfont < 1.4.4_1,1

Details

VuXML ID 304409c3-c3ef-11e0-8aa5-485d60cb5385
Discovery 2011-07-26
Entry 2011-08-11
Modified 2012-03-13

Tomas Hoger reports:

The compress/ LZW decompress implementation does not correctly handle compressed streams that contain code words that were not yet added to the decompression table. This may lead to arbitrary memory corruption. Successful exploitation may possibly lead to a local privilege escalation.
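The class of check the report describes, shown as an added example (not part of the report, and neither libXfont's code nor its patch): a simplified LZW decoder that rejects any code word beyond the next free table entry. The function name, the 12-bit table size, the pre-unpacked code array and the absence of a CLEAR code are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_CODES  4096  /* 12-bit table: an assumption of this example */
#define FIRST_FREE 256   /* codes 0..255 are literal bytes */

/* Decode n already-unpacked LZW codes into out[cap].
 * Returns bytes written, or -1 on a malformed stream or full buffer. */
long lzw_decode(const uint16_t *codes, size_t n, uint8_t *out, size_t cap)
{
    uint16_t prefix[MAX_CODES];
    uint8_t suffix[MAX_CODES], stack[MAX_CODES], finchar = 0;
    unsigned free_ent = FIRST_FREE;
    int oldcode = -1;
    size_t len = 0;

    for (size_t i = 0; i < n; i++) {
        unsigned code = codes[i], incode = code;
        size_t sp = 0;
        if (oldcode < 0) {              /* first code must be a literal */
            if (code >= FIRST_FREE || cap == 0) return -1;
            out[len++] = finchar = (uint8_t)code;
            oldcode = (int)code;
            continue;
        }
        if (code >= free_ent) {
            /* Only code == free_ent (the KwKwK case) is decodable; a larger
             * code names an entry that was never added to the table. */
            if (code > free_ent || free_ent >= MAX_CODES) return -1;
            stack[sp++] = finchar;
            code = (unsigned)oldcode;
        }
        while (code >= FIRST_FREE) {    /* walk the prefix chain */
            stack[sp++] = suffix[code];
            code = prefix[code];
        }
        stack[sp++] = finchar = (uint8_t)code;
        if (sp > cap - len) return -1;  /* output bounds check */
        while (sp > 0) out[len++] = stack[--sp];
        if (free_ent < MAX_CODES) {     /* new entry: oldcode + finchar */
            prefix[free_ent] = (uint16_t)oldcode;
            suffix[free_ent++] = finchar;
        }
        oldcode = (int)incode;
    }
    return (long)len;
}
```

Without the `code > free_ent` test, the prefix-chain walk would read table slots that were never initialized and could push an unbounded number of bytes onto `stack`.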

References

CVE Name CVE-2011-2895
URL https://bugzilla.redhat.com/show_bug.cgi?id=725760