- Description
- The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference.
- Source
- secalert_us@oracle.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 3.6
- Impact score
- 4.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:P
- nvd@nist.gov
- CWE-119
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:x:x.org_x11:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65F124DB-D9B5-4470-AAB9-24DF998D01A8"
},
{
"criteria": "cpe:2.3:a:x:x.org_x11:6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5CD09288-DCC6-4C43-B31C-8056AB319F1B"
},
{
"criteria": "cpe:2.3:a:x:x.org_x11:6.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "938CB0B0-FF9E-418B-93F6-3AC17A5D0D53"
},
{
"criteria": "cpe:2.3:a:x:x.org_x11:6.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26097D33-E3CF-4F5D-A4B0-B3EF384A15CD"
},
{
"criteria": "cpe:2.3:a:x:x.org_x11:6.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA8AEBCE-AD1B-4FE8-A3BA-228D0E5CD1F3"
},
{
"criteria": "cpe:2.3:a:x:x.org_x11:6.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ACB34DA6-F07C-4AB4-8356-0CA500A5E609"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xfree86:xfree86:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD050455-8E7E-4BCF-A4AC-60A509762F39",
"versionEndIncluding": "3.3.2"
}
],
"operator": "OR"
}
]
}
]