FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 57561cfc-f24b-11ee-9730-001fc69cd6dc
Description: xorg server -- Multiple vulnerabilities

The X.Org project reports:

  • CVE-2024-31080: Heap buffer overread/data leakage in ProcXIGetSelectedEvents

    The ProcXIGetSelectedEvents() function uses the byte-swapped length of the return data for the amount of data to return to the client, if the client has a different endianness than the X server.

  • CVE-2024-31081: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice

    The ProcXIPassiveGrabDevice() function uses the byte-swapped length of the return data for the amount of data to return to the client, if the client has a different endianness than the X server.

  • CVE-2024-31083: Use-after-free in ProcRenderAddGlyphs

    The ProcRenderAddGlyphs() function calls the AllocateGlyph() function to store new glyphs sent by the client to the X server. AllocateGlyph() would return a new glyph with refcount=0 and a re-used glyph would end up not changing the refcount at all. The resulting glyph_new array would thus have multiple entries pointing to the same non-refcounted glyphs. ProcRenderAddGlyphs() may free a glyph, resulting in a use-after-free when the same glyph pointer is then later used.


Discovery: 2024-04-03
Entry: 2024-04-04

Affected packages:

xorg-server, xephyr, xorg-vfbserver: < 21.1.12,1
xorg-nextserver: < 21.1.12,2
xwayland: < 23.2.5
xwayland-devel: >= 21.0.99.1.672 and < 21.0.99.1.841_1; < 21.0.99.1.671_1

CVE-2024-31080
CVE-2024-31081
CVE-2024-31083
https://lists.x.org/archives/xorg-announce/2024-April/003497.html