CVE-2013-4396

2013-10-10T10:55:00
ID CVE-2013-4396
Type cve
Reporter cve@mitre.org
Modified 2016-11-28T19:09:00

Description

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. Per: https://bugzilla.redhat.com/show_bug.cgi?id=1014561

"' A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges.'