Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-4396

Опубликовано: 10 окт. 2013
Источник: nvd
CVSS2: 6.5
EPSS Низкий

Описание

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.

Комментарий

Per: https://bugzilla.redhat.com/show_bug.cgi?id=1014561

"' A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges.'

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:x:x.org_x11:6.0:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:6.1:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:6.3:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:6.4:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:6.6:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:6.7:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:6.8:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:6.8.1:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:6.8.2:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:6.9.0:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:7.0:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:7.1:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:7.2:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:7.3:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:7.4:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:7.5:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:7.5:rc1:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:7.6:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:7.6:rc1:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:7.7:*:*:*:*:*:*:*
cpe:2.3:a:x:x.org_x11:7.7:rc1:*:*:*:*:*:*

EPSS

Процентиль: 81%
0.01572
Низкий

6.5 Medium

CVSS2

Дефекты

CWE-399

Связанные уязвимости

ubuntu логотип

CVE-2013-4396

ubuntu
почти 12 лет назад

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.

redhat логотип

CVE-2013-4396

redhat
почти 12 лет назад

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.

debian логотип

CVE-2013-4396

debian
почти 12 лет назад

Use-after-free vulnerability in the doImageText function in dix/dixfon ...

github логотип

GHSA-qw42-qhpr-5gg9

github
больше 3 лет назад

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.

oracle-oval логотип

ELSA-2013-1426

oracle-oval
почти 12 лет назад

ELSA-2013-1426: xorg-x11-server security update (IMPORTANT)

EPSS

Процентиль: 81%
0.01572
Низкий

6.5 Medium

CVSS2

Дефекты

CWE-399