CVE-2012-1699
Published: Dec 21, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
oval:org.mitre.oval:def:19369 (vdb-entry, signature, x_refsource_OVAL)
http://twitter.com/bsdaemon/status/228958599790071809 (x_refsource_MISC)
https://blogs.oracle.com/sunsecurity/entry/cve_2012_1699_denial_of (x_refsource_CONFIRM)
HPSBUX02829 (vendor-advisory, x_refsource_HP)
SSRT100883 (vendor-advisory, x_refsource_HP)
https://bugzilla.redhat.com/show_bug.cgi?id=842841 (x_refsource_MISC)
[xorg-announce] 20120724 X.Org security advisory: DoS/info leak in xfs prior to X11R6.7/XFree86 3.3.3 (mailing-list, x_refsource_MLIST)
http://invisible-island.net/ansification/ansify-xfs-cve.html (x_refsource_MISC)