CVE-2013-4396

Published: 10 October 2013

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.

Priority

Medium

Status

Package Release Status
xorg-server
Launchpad, Ubuntu, Debian
Upstream
Released (2:1.14.3-4)
Patches:
upstream: 7bddc2ba16a2a15773c2ea8947059afa27727764
xorg-server-lts-quantal
Launchpad, Ubuntu, Debian
Upstream Needs triage

xorg-server-lts-raring
Launchpad, Ubuntu, Debian
Upstream Needs triage