Arbitrary Code Execution

2019-05-0205:05:56

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

JSON

X.Org server is vulnerable to arbitrary code execution. Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server.

CPENameOperatorVersion
xorg-x11-servereq1.7.7__26.el6
xorg-x11-servereq1.10.4__6.el6
xorg-x11-servereq1.13.0__23.el6
xorg-x11-servereq1.15.0__22.el6
xorg-x11-servereq1.10.4__6.el6_2.3
xorg-x11-servereq1.10.4__6.el6_2.1
xorg-x11-servereq1.7.7__26.el6_0.3
xorg-x11-servereq1.13.0__11.1.el6_4.2
xorg-x11-servereq1.7.7__29.el6_1.2
xorg-x11-servereq1.13.0__23.1.el6_5

Name	Operator	Version
xorg-x11-server	eq	1.7.7__26.el6
xorg-x11-server	eq	1.10.4__6.el6
xorg-x11-server	eq	1.13.0__23.el6
xorg-x11-server	eq	1.15.0__22.el6
xorg-x11-server	eq	1.10.4__6.el6_2.3
xorg-x11-server	eq	1.10.4__6.el6_2.1
xorg-x11-server	eq	1.7.7__26.el6_0.3
xorg-x11-server	eq	1.13.0__11.1.el6_4.2
xorg-x11-server	eq	1.7.7__29.el6_1.2
xorg-x11-server	eq	1.13.0__23.1.el6_5