FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-12-24 11:27:39 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
57561cfc-f24b-11ee-9730-001fc69cd6dc | xorg server -- Multiple vulnerabilities
The X.Org project reports:
- CVE-2024-31080: Heap buffer overread/data leakage in
ProcXIGetSelectedEvents
The ProcXIGetSelectedEvents() function uses the byte-swapped
length of the return data for the amount of data to return to
the client, if the client has a different endianness than
the X server.
- CVE-2024-31081: Heap buffer overread/data leakage in
ProcXIPassiveGrabDevice
The ProcXIPassiveGrabDevice() function uses the byte-swapped
length of the return data for the amount of data to return to
the client, if the client has a different endianness than
the X server.
- CVE-2024-31083: Use-after-free in ProcRenderAddGlyphs
The ProcRenderAddGlyphs() function calls the AllocateGlyph()
function to store new glyphs sent by the client to the X server.
AllocateGlyph() would return a new glyph with refcount=0 and
a re-used glyph would end up not changing the refcount at all.
The resulting glyph_new array would thus have multiple entries
pointing to the same non-refcounted glyphs.
ProcRenderAddGlyphs() may free a glyph, resulting in a
use-after-free when the same glyph pointer is then later used.
Discovery: 2024-04-03, Entry: 2024-04-04
Affected packages:
- xorg-server, xephyr, xorg-vfbserver: < 21.1.12,1
- xorg-nextserver: < 21.1.12,2
- xwayland: < 23.2.5
- xwayland-devel: >= 21.0.99.1.672 and < 21.0.99.1.841_1; < 21.0.99.1.671_1
References:
- CVE-2024-31080
- CVE-2024-31081
- CVE-2024-31083
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html
141f2a22-a6a7-11ef-b282-0c9d92850f7a | xorg server -- _XkbSetCompatMap vulnerability
The X.Org project reports:
- CVE-2024-9632: Heap-based buffer overflow
privilege escalation in _XkbSetCompatMap
The _XkbSetCompatMap() function attempts to resize
the `sym_interpret` buffer.
However, it didn't update its size properly.
It updated `num_si` only, without updating `size_si`.
This may lead to local privilege escalation if the
server is run as root or remote code execution
(e.g. x11 over ssh).
Discovery: 2024-10-29, Entry: 2024-11-19
Affected packages:
- xorg-server: < 21.1.14,1
- xwayland: < 24.1.4,1
References:
- CVE-2024-9632
- https://lists.x.org/archives/xorg-announce/2024-October/003545.html