X.Org X Server Protocol Handling Multiple Out-Of-Bounds Memory Corruption Vulnerabilities
20 Apr. 2015
The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) __glXDisp_Render, (2) __glXDisp_RenderLarge, (3) __glXDispSwap_VendorPrivate, (4) __glXDispSwap_VendorPrivateWithReply, (5) set_client_info, (6) __glXDispSwap_SetClientInfoARB, (7) DoSwapInterval, (8) DoGetProgramString, (9) DoGetString,
The information has been provided by Ilja van Sprundel of IOActive.
* X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3
* X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) after 1.16.3
X.Org X Server is prone to multiple integer-overflow vulnerabilities Attackers can exploit these issues to execute arbitrary code with root privileges. Failed exploit attempts may result in a denial-of-service condition.