CVE-2013-6462 [Critical] | Memory Corruption in Libxfont

CVE-2013-6462 is rated High Exploit Risk (87/100): CVSS Critical severity, with high exploitation likelihood (EPSS 12.03%, 94th percentile). 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +1.96% over the last day, indicating growing attacker interest. Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

EDB-ID	Source	Kind	Published	Link
—	nvd_ref	exploit_tag		Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-03-23	10.07%	12.03%	+1.96%
2	2025-12-03	14.18%	10.07%	-4.11%
3	2025-10-26	—	14.18%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-03-23

10.07%

12.03%

+1.96%

2025-12-03

14.18%

10.07%

-4.11%

2025-10-26

—

14.18%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
9.3	2.0	HIGH	`AV:N/AC:M/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	8.6	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

9.3

2.0

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

8.6

10.0

[email protected]

OS Trackers for CVE-2013-6462

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2013-6462 not yet assigned priority: Debian including 1 source packages (libxfont), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2013-6462
`gentoo`	high	CVE-2013-6462: 1 GLSA(s) (201402-23), 1 atom(s) (x11-libs/libXfont); latest impact high.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2013-6462
`redhat`	high	—	https://access.redhat.com/security/cve/CVE-2013-6462
`ubuntu`	medium	CVE-2013-6462 medium priority: Ubuntu including 1 source packages (libxfont), 6 status rows across 6 suites (lucid, precise, quantal, raring, saucy, upstream): released 5, needs-triage 1.	https://ubuntu.com/security/CVE-2013-6462

Affected software / configurations for CVE-2013-6462

Vendor	Product	Version	Raw CPE
x	libxfont	1.1.0	cpe:2.3:a:x:libxfont:1.1.0:::::::*
x	libxfont	1.2.0	cpe:2.3:a:x:libxfont:1.2.0:::::::*
x	libxfont	1.2.1	cpe:2.3:a:x:libxfont:1.2.1:::::::*
x	libxfont	1.2.2	cpe:2.3:a:x:libxfont:1.2.2:::::::*
x	libxfont	1.2.3	cpe:2.3:a:x:libxfont:1.2.3:::::::*
x	libxfont	1.2.4	cpe:2.3:a:x:libxfont:1.2.4:::::::*
x	libxfont	1.2.5	cpe:2.3:a:x:libxfont:1.2.5:::::::*
x	libxfont	1.2.6	cpe:2.3:a:x:libxfont:1.2.6:::::::*
x	libxfont	1.2.7	cpe:2.3:a:x:libxfont:1.2.7:::::::*
x	libxfont	1.2.8	cpe:2.3:a:x:libxfont:1.2.8:::::::*
x	libxfont	1.2.9	cpe:2.3:a:x:libxfont:1.2.9:::::::*
x	libxfont	1.3.0	cpe:2.3:a:x:libxfont:1.3.0:::::::*
x	libxfont	1.3.1	cpe:2.3:a:x:libxfont:1.3.1:::::::*
x	libxfont	1.3.2	cpe:2.3:a:x:libxfont:1.3.2:::::::*
x	libxfont	1.3.3	cpe:2.3:a:x:libxfont:1.3.3:::::::*
x	libxfont	1.3.4	cpe:2.3:a:x:libxfont:1.3.4:::::::*
x	libxfont	1.4.0	cpe:2.3:a:x:libxfont:1.4.0:::::::*
x	libxfont	1.4.1	cpe:2.3:a:x:libxfont:1.4.1:::::::*
x	libxfont	1.4.2	cpe:2.3:a:x:libxfont:1.4.2:::::::*
x	libxfont	1.4.3	cpe:2.3:a:x:libxfont:1.4.3:::::::*
x	libxfont	1.4.4	cpe:2.3:a:x:libxfont:1.4.4:::::::*
x	libxfont	1.4.5	cpe:2.3:a:x:libxfont:1.4.5:::::::*
x	libxfont	1.4.6	cpe:2.3:a:x:libxfont:1.4.6:::::::*

References for CVE-2013-6462

URL	Tags
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=4d024ac10f964f6bd372ae0dd14f02772a6e5f63	Exploit Patch
http://lists.opensuse.org/opensuse-updates/2014-01/msg00050.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00052.html
http://lists.x.org/archives/xorg-announce/2014-January/002389.html	Vendor Advisory
http://osvdb.org/101842
http://rhn.redhat.com/errata/RHSA-2014-0018.html
http://seclists.org/oss-sec/2014/q1/33
http://secunia.com/advisories/56240	Vendor Advisory
http://secunia.com/advisories/56336
http://secunia.com/advisories/56357
http://secunia.com/advisories/56371
http://www.debian.org/security/2014/dsa-2838
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
http://www.securityfocus.com/bid/64694
http://www.ubuntu.com/usn/USN-2078-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/90123

URL

CVE-2013-6462

Public exploit references (Exploit-DB) for CVE-2013-6462

Exploit prediction scoring system (EPSS) score for CVE-2013-6462

Common vulnerability scoring system (CVSS) metrics for CVE-2013-6462

Weakness enumeration for CVE-2013-6462

OS Trackers for CVE-2013-6462

Affected software / configurations for CVE-2013-6462

References for CVE-2013-6462