Vulnerability DatabaseCVE-2008-0006
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2008-0006
January 18, 2008
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
Related ResourcesĀ (68)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:022
http://secunia.com/advisories/28273
https://exchange.xforce.ibmcloud.com/vulnerabilities/39767
http://www.openbsd.org/errata42.html#006_xorg
http://secunia.com/advisories/29707
http://security.gentoo.org/glsa/glsa-200801-09.xml
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://secunia.com/advisories/29622
http://secunia.com/advisories/28718
http://secunia.com/advisories/32545
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html
http://secunia.com/advisories/30161
http://www.vupen.com/english/advisories/2008/0703
http://secunia.com/advisories/29420
http://www.openbsd.org/errata41.html#012_xorg
http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1
http://secunia.com/advisories/28532
http://secunia.com/advisories/28941
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html
http://secunia.com/advisories/28544
http://www.securityfocus.com/bid/27352
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities
http://www.redhat.com/support/errata/RHSA-2008-0030.html
http://www.vupen.com/english/advisories/2008/3000
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html
http://www.redhat.com/support/errata/RHSA-2008-0064.html
http://secunia.com/advisories/29139
https://bugzilla.redhat.com/show_bug.cgi?id=428044
http://www.redhat.com/support/errata/RHSA-2008-0029.html
http://secunia.com/advisories/28592
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10021
http://security.gentoo.org/glsa/glsa-200804-05.xml
https://usn.ubuntu.com/571-1/
http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm
http://secunia.com/advisories/28540
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html
http://securitytracker.com/id?1019232
http://secunia.com/advisories/28843
http://www.mandriva.com/security/advisories?name=MDVSA-2008:021
http://www.vupen.com/english/advisories/2008/0497/references
http://www.securityfocus.com/archive/1/487335/100/0/threaded
http://secunia.com/advisories/28621
http://www.vupen.com/english/advisories/2008/0924/references
https://access.redhat.com/security/cve/CVE-2008-0006
http://jvn.jp/en/jp/JVN88935101/index.html
http://secunia.com/advisories/28536
http://secunia.com/advisories/28571
http://secunia.com/advisories/28542
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://bugs.gentoo.org/show_bug.cgi?id=204362
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1
http://www.vupen.com/english/advisories/2008/0184
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html
http://www.securityfocus.com/bid/27336
http://secunia.com/advisories/28500
http://www.kb.cert.org/vuls/id/203220
http://secunia.com/advisories/28550
https://issues.rpath.com/browse/RPL-2010
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:024
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm
http://www.vupen.com/english/advisories/2008/0179
http://secunia.com/advisories/28885
http://secunia.com/advisories/28535
http://docs.info.apple.com/article.html?artnum=307562
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
7.5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
Weakness Type (CWE)
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-119
EPSS
Base Score:
29.27