CVE-2010-4819 — Improper Input Validation in X.org-xserver

CWE-20 — Improper Input Validation8 documents8 sources

Severity

3.6LOWNVD

EPSS

0.1%

top 77.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server X X.org-xserver

Timeline

PublishedSep 5

Latest updateMay 17

Description

The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw."

CVSS vector

AV:L/AC:L/C:P/I:N/A:PExploitability: 3.9 | Impact: 4.9

Affected Packages2 packages

▶NVDx/x.org-xserver1.7.7+3

▶Debianx.org/xorg-server< 2:1.9.0.901-1+3

🔴Vulnerability Details

GHSA

GHSA-3ff3-7r8m-47hr: The ProcRenderAddGlyphs function in the Render extension (render/render↗2022-05-17

▶

CVEList

CVE-2010-4819: The ProcRenderAddGlyphs function in the Render extension (render/render↗2012-09-05

▶

OSV

CVE-2010-4819: The ProcRenderAddGlyphs function in the Render extension (render/render↗2012-09-05

▶

📋Vendor Advisories

Ubuntu

X.Org X server vulnerabilities↗2011-10-18

▶

Red Hat

X.org: ProcRenderAddGlyphs input sanitization flaw↗2010-08-22

▶

Debian

CVE-2010-4819: xorg-server - The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X....↗2010

▶

💬Community

Bugzilla

CVE-2010-4819 X.org: ProcRenderAddGlyphs input sanitization flaw↗2011-09-23

▶