CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:N/A:P

EPSS
Percentile: 5.1%

The ProcSetEventMask function in difs/events.c in the xfs font server for
X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the
SendErrToClient function with a mask value instead of a pointer, which
allows local users to cause a denial of service (memory corruption and
crash) or obtain potentially sensitive information from memory via a
SetEventMask request that triggers an invalid pointer dereference.
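
The bug class named above, a value passed where a pointer is expected, shown beside its corrected form. This is an added illustration, not the xfs source: the function names, constants and struct layouts are hypothetical, as is the assumption that the error reply copies one word from the pointer it is given.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical model: every name, constant and struct layout here is an
 * assumption made for illustration, not taken from the xfs source. */
#define ALL_EVENTS         0x3u  /* assumed set of valid mask bits */
#define ERR_BAD_EVENT_MASK 5     /* assumed error code */
typedef struct { uint32_t event_mask; } set_event_mask_req;
typedef struct { int sent; int error; uint32_t detail; } client_t;

/* Error sender: treats `data` as a pointer and copies the word it points
 * to into the error reply returned to the client. */
static void send_err(client_t *c, int error, const void *data)
{
    c->error = error;
    memcpy(&c->detail, data, sizeof c->detail);
    c->sent = 1;
}

/* Flawed pattern (never called here): the mask VALUE is cast to a pointer,
 * so send_err() dereferences it as an address. That is an invalid pointer
 * dereference: a crash, or unrelated memory copied into the reply. */
int set_event_mask_flawed(client_t *c, const set_event_mask_req *req)
{
    if (req->event_mask & ~ALL_EVENTS) {
        send_err(c, ERR_BAD_EVENT_MASK, (const void *)(uintptr_t)req->event_mask);
        return -1;
    }
    return 0;
}

/* Corrected pattern: pass the ADDRESS of the rejected field instead. */
int set_event_mask_fixed(client_t *c, const set_event_mask_req *req)
{
    if (req->event_mask & ~ALL_EVENTS) {
        send_err(c, ERR_BAD_EVENT_MASK, &req->event_mask);
        return -1;
    }
    return 0;
}

int main(void)
{
    client_t c = {0};
    set_event_mask_req bad = { 0x10u };  /* constructed request, invalid bit set */
    int rc = set_event_mask_fixed(&c, &bad);
    printf("rc=%d error=%d detail=0x%x\n", rc, c.error, (unsigned)c.detail);
    return 0;
}
```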