Vulnerability Report

CVE-2013-6462

Title: X Libxfont RCE

Memory Corruption

Proof Of Concept

No public PoC currently indexed for CVE-2013-6462.

CWE Category CWE-119

Published Date Jan 09, 2014

Modified Date Apr 29, 2026

Exploit Status Not Found

Score 9.3 CVSS v2.0

Exploit Probability (EPSS)

12.03%

Vulnerability Summary

CVE-2013-6462: Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.

Impacted Vendors

x.org 1

x 1

Reference Links

http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=4d024ac10f964f6bd372ae0dd14f02772a6e5f63 http://lists.opensuse.org/opensuse-updates/2014-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00052.html http://lists.x.org/archives/xorg-announce/2014-January/002389.html http://osvdb.org/101842 http://rhn.redhat.com/errata/RHSA-2014-0018.html http://seclists.org/oss-sec/2014/q1/33 http://secunia.com/advisories/56240 http://secunia.com/advisories/56336 http://secunia.com/advisories/56357 http://secunia.com/advisories/56371 http://www.debian.org/security/2014/dsa-2838 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/bid/64694 http://www.ubuntu.com/usn/USN-2078-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/90123 http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=4d024ac10f964f6bd372ae0dd14f02772a6e5f63 http://lists.opensuse.org/opensuse-updates/2014-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00052.html http://lists.x.org/archives/xorg-announce/2014-January/002389.html http://osvdb.org/101842 http://rhn.redhat.com/errata/RHSA-2014-0018.html http://seclists.org/oss-sec/2014/q1/33 http://secunia.com/advisories/56240 http://secunia.com/advisories/56336 http://secunia.com/advisories/56357 http://secunia.com/advisories/56371 http://www.debian.org/security/2014/dsa-2838 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/bid/64694 http://www.ubuntu.com/usn/USN-2078-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/90123

CVSS v2.0

Source Entity [email protected]

Severity HIGH

9.3

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:M/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2013-6462 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 29, 2026 MODIFIED

Vulnerability data updated via NVD.

April 11, 2025 MODIFIED

Vulnerability data or affected products updated.

January 09, 2014 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.