CVE-2013-4396

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2013-10/msg00056.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00060.html
http://lists.x.org/archives/xorg-announce/2013-October/002332.html	Vendor Advisory
http://openwall.com/lists/oss-security/2013/10/08/6
http://rhn.redhat.com/errata/RHSA-2013-1426.html
http://www.debian.org/security/2013/dsa-2784
http://www.securityfocus.com/bid/62892
http://www.ubuntu.com/usn/USN-1990-1
https://bugzilla.redhat.com/show_bug.cgi?id=1014561	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:x:x.org_x11:6.0:::::::*
	cpe:2.3:a:x:x.org_x11:6.1:::::::*
	cpe:2.3:a:x:x.org_x11:6.3:::::::*
	cpe:2.3:a:x:x.org_x11:6.4:::::::*
	cpe:2.3:a:x:x.org_x11:6.5.1:::::::*
	cpe:2.3:a:x:x.org_x11:6.6:::::::*
	cpe:2.3:a:x:x.org_x11:6.7:::::::*
	cpe:2.3:a:x:x.org_x11:6.8:::::::*
	cpe:2.3:a:x:x.org_x11:6.8.1:::::::*
	cpe:2.3:a:x:x.org_x11:6.8.2:::::::*
	cpe:2.3:a:x:x.org_x11:6.9.0:::::::*
	cpe:2.3:a:x:x.org_x11:7.0:::::::*
	cpe:2.3:a:x:x.org_x11:7.1:::::::*
	cpe:2.3:a:x:x.org_x11:7.2:::::::*
	cpe:2.3:a:x:x.org_x11:7.3:::::::*
	cpe:2.3:a:x:x.org_x11:7.4:::::::*
	cpe:2.3:a:x:x.org_x11:7.5:::::::*
	cpe:2.3:a:x:x.org_x11:7.5:rc1::::::
	cpe:2.3:a:x:x.org_x11:7.6:::::::*
	cpe:2.3:a:x:x.org_x11:7.6:rc1::::::
	cpe:2.3:a:x:x.org_x11:7.7:::::::*
	cpe:2.3:a:x:x.org_x11:7.7:rc1::::::

History

No history.

Information

Published : 2013-10-10 10:55

Updated : 2023-12-10 11:16

NVD link : CVE-2013-4396

Mitre link : CVE-2013-4396

CVE.ORG link : CVE-2013-4396

JSON object : View

Products Affected

x

x.org_x11

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2013-4396", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-10T10:55:06.473", "references": [{"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00056.html", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00060.html", "source": "secalert@redhat.com"}, {"url": "http://lists.x.org/archives/xorg-announce/2013-October/002332.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://openwall.com/lists/oss-security/2013/10/08/6", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1426.html", "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2013/dsa-2784", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/62892", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-1990-1", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1014561", "tags": ["Patch"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure."}, {"lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la funci\u00f3n dolmageText en dix/dixfonts.c del m\u00f3dulo xorg-server anterior a la versi\u00f3n 1.14.4 en X.Org X11 permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (cuelgue del demonio) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una petici\u00f3n ImageText manipulada que provoque un fallo de reubicaci\u00f3n de memoria."}], "lastModified": "2016-11-28T19:09:36.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:x:x.org_x11:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65F124DB-D9B5-4470-AAB9-24DF998D01A8"}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CD09288-DCC6-4C43-B31C-8056AB319F1B"}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "938CB0B0-FF9E-418B-93F6-3AC17A5D0D53"}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26097D33-E3CF-4F5D-A4B0-B3EF384A15CD"}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA8AEBCE-AD1B-4FE8-A3BA-228D0E5CD1F3"}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACB34DA6-F07C-4AB4-8356-0CA500A5E609"}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AABE653B-D60C-4DAE-8C59-640CCA8E29E2"}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A376D24F-C30B-4588-8727-6F4C79257D4B"}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31D33FE0-4A26-419F-8BDC-F4D6FEDE340B"}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A1134B7-C534-4A92-B83F-54CDF99434A2"}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08C160D7-A821-41D9-B5B5-66F119543FA0"}, {"criteria": "cpe:2.3:a:x:x.org_x11:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09B4D961-C351-483B-B769-ECE98E28A3C2"}, {"criteria": "cpe:2.3:a:x:x.org_x11:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B93FCD1-0E9D-4BD9-A939-A1D13A06FDB4"}, {"criteria": "cpe:2.3:a:x:x.org_x11:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C01EC0B7-8B16-46D1-BC45-126BC56F7337"}, {"criteria": "cpe:2.3:a:x:x.org_x11:7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F03B0C6D-1709-4EDA-8EC9-5ACA30BF4806"}, {"criteria": "cpe:2.3:a:x:x.org_x11:7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1ED2589-35D2-4F61-8E08-808E36F6D64C"}, {"criteria": "cpe:2.3:a:x:x.org_x11:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D39DF9B-2EE4-446E-956C-46D090D93DE3"}, {"criteria": "cpe:2.3:a:x:x.org_x11:7.5:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7659F139-6C75-4BAE-91B5-BE9C69B0606B"}, {"criteria": "cpe:2.3:a:x:x.org_x11:7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F862B02-1BA8-4664-9A76-134D89DCA2E5"}, {"criteria": "cpe:2.3:a:x:x.org_x11:7.6:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "685174BE-2C3F-4F64-93E7-74F9FF402D63"}, {"criteria": "cpe:2.3:a:x:x.org_x11:7.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF505976-A4BD-46CC-8080-B04FA107E336"}, {"criteria": "cpe:2.3:a:x:x.org_x11:7.7:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E729807-0253-4B31-A9C2-B7FBB8954BD9"}], "operator": "OR"}]}], "evaluatorComment": "Per: https://bugzilla.redhat.com/show_bug.cgi?id=1014561\n\n\"' A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges.'", "sourceIdentifier": "secalert@redhat.com"}