Nixpkgs security tracker
Untriaged
Permalink
CVE-2024-31083
7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Xorg-x11-server: use-after-free in procrenderaddglyphs
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
References
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
-
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
-
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
-
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
-
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
-
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
-
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
-
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
-
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
-
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
-
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
-
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
-
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
-
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Affected products
tigervnc
- *
xwayland
- ==23.2.5
xorg-server
- ==21.1.12
xorg-x11-server
- *
- ==21.1.12
xorg-x11-server-Xwayland
- *