X Window System Denial of Service Vulnerability

vendor:

X Window System

by:

SecurityFocus

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: X Window System

Affected Version From: XFree86

Affected Version To: XFree86

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2002

X Window System Denial of Service Vulnerability

X Window System behaves unpredictably when handling an overly large font size. If an attacker can pass an overly large font size to X Window System, it is possible to cause a denial of service condition. Remote exploitation of this issue is possible via web clients or other applications which do not check that the font size is sane before passing it to the X Window System. This is reported to be a problem with xfs (X Font Server) and the libXfont component.

Mitigation:

Check that the font size is sane before passing it to the X Window System.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4966/info

X Window System behaves unpredictably when handling an overly large font size. If an attacker can pass an overly large font size to X Window System, it is possible to cause a denial of service condition.

Remote exploitation of this issue is possible via web clients or other applications which do not check that the font size is sane before passing it to the X Window System. This is reported to be a problem with xfs (X Font Server) and the libXfont component.

This is reported to affect various X Window System implementations, including XFree86.

Include a huge font size in your style sheet definition, e.g.:
body { font-size: 1666666px; }