Multiple integer overflows in X.Org Xserver prior to 1.4.1 allow context-dependent malicious users to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
x.org xserver |
||
x.org evi |
||
x.org mit-shm |