CVE-2013-4396

MEDIUM
Description

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.

References

http://lists.opensuse.org/opensuse-updates/2013-10/msg00056.html

http://lists.opensuse.org/opensuse-updates/2013-10/msg00060.html

http://lists.x.org/archives/xorg-announce/2013-October/002332.html

http://openwall.com/lists/oss-security/2013/10/08/6

http://rhn.redhat.com/errata/RHSA-2013-1426.html

http://www.debian.org/security/2013/dsa-2784

http://www.securityfocus.com/bid/62892

http://www.ubuntu.com/usn/USN-1990-1

https://bugzilla.redhat.com/show_bug.cgi?id=1014561

Details

Source: MITRE

Published: 2013-10-10

Updated: 2016-11-28

Type: CWE-399

Risk Information

CVSS v2

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|----|------|---------|--------|----------|
| 80821 | Oracle Solaris Third-Party Patch Update : xorg (cve_2013_4396_use_after) | Nessus | Solaris Local Security Checks | medium |
| 75179 | openSUSE Security Update : xorg-x11-server (openSUSE-SU-2013:1610-1) | Nessus | SuSE Local Security Checks | medium |
| 74028 | GLSA-201405-07 : X.Org X Server: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 72288 | AIX 7.1 TL 3 : xorg (IV53246) | Nessus | AIX Local Security Checks | medium |
| 72287 | AIX 6.1 TL 9 : xorg (IV52978) | Nessus | AIX Local Security Checks | medium |
| 72070 | AIX 5.3 TL 12 : xorg (IV53331) | Nessus | AIX Local Security Checks | medium |
| 72069 | AIX 7.1 TL 2 : xorg (IV52186) | Nessus | AIX Local Security Checks | medium |
| 72068 | AIX 7.1 TL 1 : xorg (IV52185) | Nessus | AIX Local Security Checks | medium |
| 72067 | AIX 6.1 TL 8 : xorg (IV52184) | Nessus | AIX Local Security Checks | medium |
| 72066 | AIX 6.1 TL 7 : xorg (IV52181) | Nessus | AIX Local Security Checks | medium |
| 70961 | SuSE 11.2 / 11.3 Security Update : xorg-x11-server (SAT Patch Numbers 8463 / 8464) | Nessus | SuSE Local Security Checks | medium |
| 70896 | Amazon Linux AMI : xorg-x11-server (ALAS-2013-234) | Nessus | Amazon Linux Local Security Checks | medium |
| 70679 | Mandriva Linux Security Advisory : x11-server (MDVSA-2013:259) | Nessus | Mandriva Local Security Checks | medium |
| 70595 | FreeBSD : xorg-server -- use-after-free (9a57c607-3cab-11e3-b4d9-bcaec565249c) | Nessus | FreeBSD Local Security Checks | medium |
| 70548 | Debian DSA-2784-1 : xorg-server - use-after-free | Nessus | Debian Local Security Checks | medium |
| 70492 | Ubuntu 12.04 LTS / 12.10 / 13.04 : xorg-server, xorg-server-lts-quantal, xorg-server-lts-raring vulnerabilities (USN-1990-1) | Nessus | Ubuntu Local Security Checks | medium |
| 70468 | Scientific Linux Security Update : xorg-x11-server on SL5.x, SL6.x i386/x86_64 (20131015) | Nessus | Scientific Linux Local Security Checks | medium |
| 70464 | CentOS 5 / 6 : xorg-x11-server (CESA-2013:1426) | Nessus | CentOS Local Security Checks | medium |
| 70451 | RHEL 5 / 6 : xorg-x11-server (RHSA-2013:1426) | Nessus | Red Hat Local Security Checks | medium |
| 70450 | Oracle Linux 5 / 6 : xorg-x11-server (ELSA-2013-1426) | Nessus | Oracle Linux Local Security Checks | medium |
| 70441 | Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : xorg-server (SSA:2013-287-05) | Nessus | Slackware Local Security Checks | medium |