Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-31083HistoryApr 05, 2024 - 12:15 p.m.
CVE-2024-31083
2024-04-0512:15:37
Debian Security Bug Tracker
security-tracker.debian.org
11
xorg
procrenderaddglyphs
use-after-free
arbitrary code execution
authenticated attacker
unix
cve-2024-31083
0.0004 Low
EPSS
Percentile
10.1%
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | xorg-server | < 2:21.1.7-3+deb12u7 | xorg-server_2:21.1.7-3+deb12u7_all.deb |
| Debian | 11 | all | xorg-server | < 2:1.20.11-1+deb11u13 | xorg-server_2:1.20.11-1+deb11u13_all.deb |
| Debian | 10 | all | xorg-server | < 2:1.20.4-1+deb10u14 | xorg-server_2:1.20.4-1+deb10u14_all.deb |
| Debian | 999 | all | xorg-server | < 2:21.1.11-3 | xorg-server_2:21.1.11-3_all.deb |
| Debian | 13 | all | xorg-server | < 2:21.1.11-3 | xorg-server_2:21.1.11-3_all.deb |
| Debian | 12 | all | xwayland | <= 2:22.1.9-1 | xwayland_2:22.1.9-1_all.deb |
| Debian | 999 | all | xwayland | < 2:23.2.6-1 | xwayland_2:23.2.6-1_all.deb |
| Debian | 13 | all | xwayland | < 2:23.2.6-1 | xwayland_2:23.2.6-1_all.deb |
Related
amazon
amazon
Important: tigervnc
2024-04-11 01:43:00
Important: xorg-x11-server
2024-04-11 01:43:00
Important: xorg-x11-server
2024-04-11 01:07:00
alpinelinux
alpinelinux
CVE-2024-31083
2024-04-05 12:15:37
mageia
mageia
cgr
cgr
CVE-2024-31083 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2024-31083
2024-04-05 12:15:37
wolfi
wolfi
CVE-2024-31083 vulnerabilities
2024-06-02 09:07:39
zdi
zdi
nessus
nessus
Amazon Linux AMI : tigervnc (ALAS-2024-1927)
2024-04-17 00:00:00
Amazon Linux AMI : xorg-x11-server (ALAS-2024-1928)
2024-04-17 00:00:00
Oracle Linux 7 : tigervnc (ELSA-2024-2080)
2024-04-29 00:00:00
cvelist
cvelist
CVE-2024-31083 Xorg-x11-server: use-after-free in procrenderaddglyphs
2024-04-05 12:04:49
veracode
veracode
Use After Free
2024-04-11 02:44:08
ubuntucve
ubuntucve
CVE-2024-31083
2024-03-04 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:1263-1)
2024-05-07 00:00:00
Mageia: Security Advisory (MGASA-2024-0137)
2024-04-19 00:00:00
Debian: Security Advisory (DLA-3787-1)
2024-04-15 00:00:00
redhatcve
redhatcve
CVE-2024-31083
2024-04-04 08:24:08
redhat
redhat
(RHSA-2024:3261) Important: tigervnc security update
2024-05-22 10:41:22
(RHSA-2024:3258) Moderate: xorg-x11-server security update
2024-05-22 10:41:21
(RHSA-2024:2080) Important: tigervnc security update
2024-04-29 01:07:43
freebsd
freebsd
xorg server -- Multiple vulnerabilities
2024-04-03 00:00:00
oraclelinux
oraclelinux
X.Org server security update
2024-04-11 00:00:00
tigervnc security update
2024-04-24 00:00:00
tigervnc security update
2024-04-29 00:00:00
osv
osv
Important: tigervnc security update
2024-05-06 13:04:21
Important: tigervnc security update
2024-05-22 00:00:00
Moderate: xorg-x11-server security update
2024-05-22 00:00:00
almalinux
almalinux
Important: xorg-x11-server-Xwayland security update
2024-05-23 00:00:00
Moderate: xorg-x11-server security update
2024-05-22 00:00:00
Important: tigervnc security update
2024-05-22 00:00:00
rocky
rocky
tigervnc security update
2024-05-10 14:32:42
tigervnc security update
2024-05-06 13:04:21
fedora
fedora
[SECURITY] Fedora 38 Update: xorg-x11-server-Xwayland-22.1.9-7.fc38
2024-04-24 01:36:56
[SECURITY] Fedora 40 Update: xorg-x11-server-Xwayland-23.2.6-1.fc40
2024-04-19 21:43:34
[SECURITY] Fedora 39 Update: xorg-x11-server-Xwayland-23.2.6-1.fc39
2024-04-24 01:18:17
ubuntu
ubuntu
X.Org X Server regression
2024-04-09 00:00:00
redos
redos
ROS-20240507-07
2024-05-07 00:00:00
slackware
slackware
[slackware-security] xorg-server
2024-04-03 22:25:44
[slackware-security] tigervnc
2024-04-05 20:14:40