CVE-2013-4396
xorg-server - use-after-free
EPSS 2.0%
Description
Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
How to fix CVE-2013-4396
To remediate CVE-2013-4396, upgrade the affected package to one of the fixed versions listed below.
- Debian/xorg-server: upgrade to 2:1.14.3-4 or later
- Debian/xorg-server: upgrade to 2:1.7.7-17 or later
Is CVE-2013-4396 being exploited?
Low — EPSS is 2.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/xorg-server: from 0, < 2:1.14.3-4
- Debian/xorg-server: from 0, < 2:1.7.7-17