PT-2023-6641 · Unknown+6 · Xorg-X11-Server-Xvfb+6

Sri

Publicado

2023-10-25

Atualizado

2025-11-05

CVE-2023-5574

CVSS v3.1

7.0

Alta

Vetor

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions xorg-x11-server-Xvfb (affected versions not specified)

Description A use-after-free flaw was found in xorg-x11-server-Xvfb, specifically in a multi-screen setup with multiple protocol screens, also known as Zaphod mode. If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALSA-2024:2298

AZL-31703

AZL-45255

BDU:2023-07411

CVE-2023-5574

ECHO-AFEB-E40E-C22F

INFSA-2024_2298

MGASA-2023-0307

OESA-2024-2261

OESA-2024-2314

OESA-2024-2315

OESA-2024-2316

OESA-2024-2317

OPENSUSE-SU-2023_4272-1

OPENSUSE-SU-2023_4292-1

OPENSUSE-SU-2023_4293-1

OPENSUSE-SU-2023_4306-1

OPENSUSE-SU-2023_4338-1

OPENSUSE-SU-2024:13361-1

OPENSUSE-SU-2024:13467-1

RHSA-2024:2298

RHSA-2024_2298

SUSE-SU-2023:4269-1

SUSE-SU-2023:4272-1

SUSE-SU-2023:4292-1

SUSE-SU-2023:4293-1

SUSE-SU-2023:4306-1

SUSE-SU-2023:4338-1

ZDI-23-1807

Produtos afetados

Almalinux

Astra Linux

Debian

Red Hat

Red Os

Suse

Xorg-X11-Server-Xvfb

PT-2023-6641 · Unknown+6 · Xorg-X11-Server-Xvfb+6

CVE-2023-5574

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 74