PT-2021-5838 · X.Org+10 · Xorg-X11-Server+10
Jan-Niklas Sohn
·
Published
2021-12-14
·
Updated
2024-06-15
·
CVE-2021-4008
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
xorg-x11-server versions before 21.1.2 and before 1.20.14
Description
The issue is related to an out-of-bounds access in the
SProcRenderCompositeGlyphs() function of the X.Org Server, which can lead to data confidentiality and integrity issues, as well as system availability problems. An attacker can exploit this by sending a specially crafted CompositeGlyphs request, potentially allowing them to execute arbitrary code with elevated privileges.Recommendations
For versions before 21.1.2 and before 1.20.14, update to version 21.1.2 or 1.20.14 or later to resolve the issue.
As a temporary workaround, consider restricting access to the
SProcRenderCompositeGlyphs() function in the Render extension until a patch is available.Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Xorg-X11-Server