PT-2023-6641 · Unknown+6 · Xorg-X11-Server-Xvfb+6

Sri · Published 2023-10-25 · Updated 2025-11-05 · CVE-2023-5574

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

xorg-x11-server-Xvfb (affected versions not specified)

Description

A use-after-free flaw was found in xorg-x11-server-Xvfb, specifically in a multi-screen setup with multiple protocol screens, also known as Zaphod mode. If the pointer is warped from screen 1 to screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Use After Free


Weakness Enumeration

Related Identifiers

ALSA-2024:2298
AZL-31703
AZL-45255
BDU:2023-07411
CVE-2023-5574
ECHO-AFEB-E40E-C22F
INFSA-2024_2298
MGASA-2023-0307
OESA-2024-2261
OESA-2024-2314
OESA-2024-2315
OESA-2024-2316
OESA-2024-2317
OPENSUSE-SU-2023_4272-1
OPENSUSE-SU-2023_4292-1
OPENSUSE-SU-2023_4293-1
OPENSUSE-SU-2023_4306-1
OPENSUSE-SU-2023_4338-1
OPENSUSE-SU-2024:13361-1
OPENSUSE-SU-2024:13467-1
RHSA-2024:2298
RHSA-2024_2298
SUSE-SU-2023:4269-1
SUSE-SU-2023:4272-1
SUSE-SU-2023:4292-1
SUSE-SU-2023:4293-1
SUSE-SU-2023:4306-1
SUSE-SU-2023:4338-1
ZDI-23-1807

Affected Products

Almalinux
Astra Linux
Debian
Red Hat
Red Os
Suse
Xorg-X11-Server-Xvfb