A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | xorg-server | < 2:21.1.7-3+deb12u7 | xorg-server_2:21.1.7-3+deb12u7_all.deb |
Debian | 11 | all | xorg-server | < 2:1.20.11-1+deb11u13 | xorg-server_2:1.20.11-1+deb11u13_all.deb |
Debian | 10 | all | xorg-server | < 2:1.20.4-1+deb10u14 | xorg-server_2:1.20.4-1+deb10u14_all.deb |
Debian | 999 | all | xorg-server | < 2:21.1.11-3 | xorg-server_2:21.1.11-3_all.deb |
Debian | 13 | all | xorg-server | < 2:21.1.11-3 | xorg-server_2:21.1.11-3_all.deb |
Debian | 12 | all | xwayland | <= 2:22.1.9-1 | xwayland_2:22.1.9-1_all.deb |
Debian | 999 | all | xwayland | < 2:23.2.6-1 | xwayland_2:23.2.6-1_all.deb |
Debian | 13 | all | xwayland | < 2:23.2.6-1 | xwayland_2:23.2.6-1_all.deb |