Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 3.6
CVE Id CVE-2010-4819
Last Modified 13 Sep 2012 12:00:00
Published 05 Sep 2012 07:55:01
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2010-4819

Summary

The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw."

Vulnerable Systems

Application

  • X.org-xserver 1.7

  • X.org-xserver 1.7.6.902

  • X.org-xserver 1.7.7


References

CONFIRM - https://bugs.freedesktop.org/show_bug.cgi?id=28801

MLIST - [oss-security] 20110923 Re: CVE Request: X.org ProcRenderGlyps input sanitation issue

MLIST - [oss-security] 20110922 CVE Request: X.org ProcRenderGlyps input sanitation issue

SECTRACK - 1026149

REDHAT - RHSA-2011:1360

REDHAT - RHSA-2011:1359

CONFIRM - http://cgit.freedesktop.org/xorg/xserver/commit/render/render.c?id=5725849a1b427cd4a72b84e57f211edb35838718

CONFIRM - http://aix.software.ibm.com/aix/efixes/security/X_advisory2.asc

Related Patches

Novell SUSE 2011:5294 xorg-x11-server-libs security update for SLE 11 SP1 i586

Novell SUSE 2012:7954 xorg-x11 security update for SLE 10 SP4 i586

Novell SUSE 2012:7954 xorg-x11 security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 11:00:28