CVE-2013-4396: Use After Free
First published: Wed Oct 02 2013(Updated: )
Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| X X.org X11 | =6.0 | |
| X X.org X11 | =6.1 | |
| X X.org X11 | =6.3 | |
| X X.org X11 | =6.4 | |
| X X.org X11 | =6.5.1 | |
| X X.org X11 | =6.6 | |
| X X.org X11 | =6.7 | |
| X X.org X11 | =6.8 | |
| X X.org X11 | =6.8.1 | |
| X X.org X11 | =6.8.2 | |
| X X.org X11 | =6.9.0 | |
| X X.org X11 | =7.0 | |
| X X.org X11 | =7.1 | |
| X X.org X11 | =7.2 | |
| X X.org X11 | =7.3 | |
| X X.org X11 | =7.4 | |
| X X.org X11 | =7.5 | |
| X X.org X11 | =7.5-rc1 | |
| X X.org X11 | =7.6 | |
| X X.org X11 | =7.6-rc1 | |
| X X.org X11 | =7.7 | |
| X X.org X11 | =7.7-rc1 | |
| redhat/xorg-x11-server | <1.15.0 | 1.15.0 |
| redhat/xorg-x11-server | <1.14.4 | 1.14.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=806554&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=806554&action=edit
- http://lists.x.org/archives/xorg-announce/2013-October/002332.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1017013
- https://rhn.redhat.com/errata/RHSA-2013-1426.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1014561
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00056.html
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00060.html
- http://openwall.com/lists/oss-security/2013/10/08/6
- http://rhn.redhat.com/errata/RHSA-2013-1426.html
- http://www.debian.org/security/2013/dsa-2784
- http://www.securityfocus.com/bid/62892
- http://www.ubuntu.com/usn/USN-1990-1
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-4396
- agent/software-canonical-lookup
- agent/tags
- agent/trending
- vendor/x
- canonical/x x.org x11
- version/x x.org x11/6.0
- version/x x.org x11/6.1
- version/x x.org x11/6.3
- version/x x.org x11/6.4
- version/x x.org x11/6.5.1
- version/x x.org x11/6.6
- version/x x.org x11/6.7
- version/x x.org x11/6.8
- version/x x.org x11/6.8.1
- version/x x.org x11/6.8.2
- version/x x.org x11/6.9.0
- version/x x.org x11/7.0
- version/x x.org x11/7.1
- version/x x.org x11/7.2
- version/x x.org x11/7.3
- version/x x.org x11/7.4
- version/x x.org x11/7.5
- version/x x.org x11/7.5-rc1
- version/x x.org x11/7.6
- version/x x.org x11/7.6-rc1
- version/x x.org x11/7.7
- version/x x.org x11/7.7-rc1
- package-manager/redhat