CVE-2013-4396: Use After Free in X.org X11

Severity: 6.5 MEDIUM (NVD)
EPSS: 2.0% (top 16.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 10; Latest update May 17

Description

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 8.0 | Impact: 6.4

Affected Packages (2 packages)

Debian: x.org/xorg-server < 2:1.14.3-4+3
NVD: x/x.org_x11 19 versions +18

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-qw42-qhpr-5gg9: Use-after-free vulnerability in the doImageText function in dix/dixfonts (2022-05-17)
CVEList: CVE-2013-4396: Use-after-free vulnerability in the doImageText function in dix/dixfonts (2013-10-10)
OSV: CVE-2013-4396: Use-after-free vulnerability in the doImageText function in dix/dixfonts (2013-10-10)

📋 Vendor Advisories (3)

Ubuntu: X.Org X server vulnerabilities (2013-10-17)
Red Hat: xorg-x11-server: use-after-free flaw when handling ImageText requests (2013-10-08)
Debian: CVE-2013-4396: xorg-server - Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in th... (2013)

💬 Community (2)

Bugzilla: CVE-2013-4396 xorg-x11-server: use-after-free flaw when handling ImageText requests [fedora-all] (2013-10-09)
Bugzilla: CVE-2013-4396 xorg-x11-server: use-after-free flaw when handling ImageText requests (2013-10-02)