CVE-2010-4818 — Improper Input Validation in X.org

CWE-20 — Improper Input Validation11 documents8 sources

Severity

8.5HIGHNVD

EPSS

2.8%

top 13.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server X.org

Timeline

PublishedSep 5

Latest updateMay 17

Description

The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the screen field in a request to glx/glxcmds.c.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages2 packages

▶Debianx.org/xorg-server< 2:1.9.99.902-1+3

▶NVDx.org/x.org1.7.7

Patches

Patch: cgit.freedesktop.org ↗Patch: cgit.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-c8m7-2vm3-5fjq: The GLX extension in X↗2022-05-17

▶

OSV

CVE-2010-4818: The GLX extension in X↗2012-09-05

▶

CVEList

CVE-2010-4818: The GLX extension in X↗2012-09-05

▶

📋Vendor Advisories

Ubuntu

X.Org X server vulnerability↗2011-10-20

▶

Ubuntu

X.Org X server regression↗2011-10-19

▶

Ubuntu

X.Org X server vulnerabilities↗2011-10-18

▶

Red Hat

X.org: multiple GLX input sanitization flaws↗2011-09-21

▶

Debian

CVE-2010-4818: xorg-server - The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to ca...↗2010

▶

💬Community

Bugzilla

CVE-2010-4818 X.org: multiple GLX input sanitization flaws [fedora-14]↗2011-10-06

▶

Bugzilla

CVE-2010-4818 X.org: multiple GLX input sanitization flaws↗2011-09-23

▶