A stack-based buffer overflow flaw was found in the way the libXfont library, used by the X.Org server, parsed Glyph Bitmap Distribution Format (BDF) fonts. A malicious local user could use this flaw, by supplying a specially crafted BDF font for the X.Org server to load, to potentially execute arbitrary code with the privileges of the X.Org server.
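The following C is an added illustration of the flaw class, written for this page; it is not libXfont's code and not the function changed by the fix referenced below. BDF is a line-oriented text format in which each glyph record opens with "STARTCHAR <name>", so a parser that scans that name into a fixed-size stack buffer with an unbounded "%s" can be overrun by a font file carrying an overlong name. The names parse_startchar, parse_startchar_vulnerable, startchar_name_is, overlong_startchar_line and the GLYPH_NAME_MAX limit are assumptions for the example, and the sample input is constructed here.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative BDF glyph-record parser (added example, not libXfont code).
 * Each glyph in a BDF file begins with "STARTCHAR <glyphname>".
 * GLYPH_NAME_MAX is an assumed size for the name buffer. */
#define GLYPH_NAME_MAX 100

/* Flaw class: "%s" without a field width copies the whole token, so a font
 * whose glyph name is 100 or more bytes writes past the caller's fixed-size
 * stack buffer 'name'. Kept only for contrast; never call it on untrusted
 * input. */
int parse_startchar_vulnerable(const char *line, char name[GLYPH_NAME_MAX])
{
    return sscanf(line, "STARTCHAR %s", name) == 1;
}

/* Hardened form: measure the token first and reject (rather than silently
 * truncate) a name that does not fit. Returns 1 on success, 0 otherwise. */
int parse_startchar(const char *line, char name[GLYPH_NAME_MAX])
{
    static const char kw[] = "STARTCHAR";
    size_t len;

    if (strncmp(line, kw, sizeof kw - 1) != 0)
        return 0;
    line += sizeof kw - 1;
    if (*line != ' ' && *line != '\t')      /* keyword must be followed by a blank */
        return 0;
    while (*line == ' ' || *line == '\t')
        line++;
    len = strcspn(line, " \t\r\n");         /* length of the glyph-name token */
    if (len == 0 || len >= GLYPH_NAME_MAX)  /* empty, or no room for the NUL */
        return 0;
    memcpy(name, line, len);
    name[len] = '\0';
    return 1;
}

/* Convenience wrapper: 1 if the line parses and the name equals 'expected'. */
int startchar_name_is(const char *line, const char *expected)
{
    char name[GLYPH_NAME_MAX];
    return parse_startchar(line, name) && strcmp(name, expected) == 0;
}

/* Constructed sample input: a STARTCHAR line whose glyph name is 300 bytes,
 * the kind of record a malicious font file would carry. */
const char *overlong_startchar_line(void)
{
    static char line[320];
    memset(line, 0, sizeof line);
    memcpy(line, "STARTCHAR ", 10);
    memset(line + 10, 'A', 300);
    line[310] = '\n';
    return line;
}

int main(void)
{
    char name[GLYPH_NAME_MAX];
    const char *ok = "STARTCHAR space\n";
    const char *bad = overlong_startchar_line();

    printf("STARTCHAR space -> %d (%s)\n", parse_startchar(ok, name), name);
    printf("300-byte name   -> %d (rejected)\n", parse_startchar(bad, name));
    /* parse_startchar_vulnerable(bad, name) would write ~200 bytes past 'name'. */
    return 0;
}
```

The hardened parser rejects the record outright instead of truncating the name: truncation keeps the server alive but can make two distinct glyph names collide, so an explicit failure is the safer behaviour for a file format that is fully under the supplying user's control.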
Red Hat would like to thank the X.Org security team for reporting this issue.
This issue is now public, and is noted as being fixed in libXfont 1.4.7 via the following commit:
It is also noted as affecting every X release from X11R5 through libXfont 1.4.6.
Created libXfont tracking bugs for this issue:
Affects: fedora-all [bug 1049569]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2014:0018 https://rhn.redhat.com/errata/RHSA-2014-0018.html
Some media coverage: