CVE-2013-4396

Published: 10/10/2013 Updated: 28/11/2016
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module prior to 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.

Vulnerable Product

x x.org x11 6.0

x x.org x11 6.1

x x.org x11 6.8.1

x x.org x11 6.8.2

x x.org x11 7.5

x x.org x11 7.6

x x.org x11 6.3

x x.org x11 6.4

x x.org x11 6.9.0

x x.org x11 7.0

x x.org x11 7.7

x x.org x11 6.5.1

x x.org x11 6.6

x x.org x11 7.1

x x.org x11 7.2

x x.org x11 7.3

x x.org x11 6.7

x x.org x11 6.8

x x.org x11 7.4

Vendor Advisories

Synopsis Important: xorg-x11-server security update Type/Severity Security Advisory: Important Topic Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact ...
The X.Org X server could be made to crash or run programs as an administrator if it received specially crafted input ...
Pedro Ribeiro discovered a use-after-free in the handling of ImageText requests in the Xorg Xserver, which could result in denial of service or privilege escalation. For the oldstable distribution (squeeze), this problem has been fixed in version 177-17. For the stable distribution (wheezy), this problem has been fixed in version 1124-6+deb7u1 ...
A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges (CVE-2013-4396) ...
Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure ...