CVE-2013-4396

Severity

65%

Complexity

80%

Confidentiality

106%

Per: https://bugzilla.redhat.com/show_bug.cgi?id=1014561 "' A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges.'

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.

Per: https://bugzilla.redhat.com/show_bug.cgi?id=1014561 "' A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges.'

CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Overview

Type

X.Org X11

First reported 11 years ago

2013-10-10 10:55:00

Last updated 8 years ago

2016-11-28 19:09:00

Affected Software

X.Org X11 R6.0

6.0

X.Org X11 R6.1

6.1

X.Org X11 R6.3

6.3

X.Org X11 R6.4

6.4

X.Org X11 R6.5.1

6.5.1

X.Org X11 R6.6

6.6

X.Org X11 R6.7

6.7

X.Org X11 R6.8

6.8

X.Org X11 R6.8.1

6.8.1

X.Org X11 R6.8.2

6.8.2

X.Org X11 R6.9.0

6.9.0

X.Org X11 R7.0

7.0

X.Org X11 R7.1

7.1

X.Org X11 R7.2

7.2

X.Org X11 R7.3

7.3

X.Org X11 R7.4

7.4

X.Org X11 R7.5

7.5

X.Org X11 R7.5 release candidate 1

7.5

X.Org X11 R7.6

7.6

X.Org X11 R7.6 release candidate 1

7.6

X.Org X11 R7.7

7.7

X.Org X11 R7.7 release candidate 1

7.7

References

openSUSE-SU-2013:1610

openSUSE-SU-2013:1614

[xorg-announce] 20131008 X.Org security advisory: CVE-2013-4396: Use after free in Xserver handling of ImageText requests

Vendor Advisory

[oss-security] 20131008 Fwd: X.Org security advisory: CVE-2013-4396: Use after free in Xserver handling of ImageText requests

RHSA-2013:1426

DSA-2784

62892

USN-1990-1

https://bugzilla.redhat.com/show_bug.cgi?id=1014561

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.