CVE-2024-31083

Public on 2024-04-05
Modified on 2024-04-05

Description

The ProcRenderAddGlyphs() function calls the AllocateGlyph() function to store new glyphs sent by the client to the X server. AllocateGlyph() would return a new glyph with refcount=0 and a re-used glyph would end up not changing the refcount at all. The resulting glyph_new array would thus have multiple entries pointing to the same non-refcounted glyphs.

ProcRenderAddGlyphs() may free a glyph, resulting in a use-after-free when the same glyph pointer is then later used.
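The reference-count mismatch described above can be seen in a small model. This is an added example, not X server code and not the upstream patch: `allocate_glyph`, `release_glyph`, `add_glyphs` and the `take_ref` switch are hypothetical names, and freeing is modelled with a flag so the stale access is counted rather than executed.

```c
#include <stdio.h>

/* Simplified model, not X server code. "Freeing" sets a flag so that a
 * later use of the stale pointer can be counted instead of being real UB. */
typedef struct { int id; int refcount; int freed; } Glyph;

#define MAX_GLYPHS 8
static Glyph pool[MAX_GLYPHS];
static int pool_used;

/* Re-use the live glyph with this id, or hand out a new one with refcount=0. */
static Glyph *allocate_glyph(int id) {
    for (int i = 0; i < pool_used; i++)
        if (!pool[i].freed && pool[i].id == id)
            return &pool[i];
    Glyph *g = &pool[pool_used++];
    g->id = id; g->refcount = 0; g->freed = 0;
    return g;
}

/* Drop one reference and free at zero. Returns 1 if g was already freed. */
static int release_glyph(Glyph *g) {
    if (g->freed) return 1;               /* stale pointer: use-after-free */
    if (g->refcount > 0) g->refcount--;
    if (g->refcount == 0) g->freed = 1;
    return 0;
}

/* Store n (<= MAX_GLYPHS) glyphs, then release every array entry.
 * take_ref=0 models the flaw; take_ref=1 holds one reference per entry. */
int add_glyphs(const int *ids, int n, int take_ref) {
    Glyph *glyph_new[MAX_GLYPHS];
    int stale = 0;
    pool_used = 0;
    for (int i = 0; i < n; i++) {
        glyph_new[i] = allocate_glyph(ids[i]);
        if (take_ref) glyph_new[i]->refcount++;
    }
    for (int i = 0; i < n; i++)
        stale += release_glyph(glyph_new[i]);
    return stale;                         /* entries touched after free */
}

int main(void) {
    int ids[] = {7, 7, 9};                /* constructed input: id 7 twice */
    printf("flawed=%d counted=%d\n", add_glyphs(ids, 3, 0), add_glyphs(ids, 3, 1));
    return 0;
}
```

With the repeated id, the uncounted variant frees the shared glyph on the first array entry and touches it again on the second; holding one reference per entry removes the stale access.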

Severity
Important
CVSS v3 Base Score
7.8

Affected Packages

| Platform | Package | Release Date | Advisory |
| --- | --- | --- | --- |
| Amazon Linux 1 | tigervnc | 2024-04-11 01:43 | ALAS-2024-1927 |
| Amazon Linux 2 - Core | tigervnc | 2024-04-11 01:07 | ALAS2-2024-2510 |
| Amazon Linux 1 | xorg-x11-server | 2024-04-11 01:43 | ALAS-2024-1928 |
| Amazon Linux 2 - Core | xorg-x11-server | 2024-04-11 01:07 | ALAS2-2024-2511 |
| Amazon Linux 2023 | xorg-x11-server | 2024-04-10 22:17 | ALAS2023-2024-583 |

CVSS Scores

| Score Type | Score | Vector |
| --- | --- | --- |
| Amazon Linux CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| NVD CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |