Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server.
DescriptionVasyl Kaigorodov
2014-11-27 15:53:15 UTC
SProcXCMiscGetXIDList() call in XC-MISC extension do not check that the lengths and/or indexes sent by the
client are within the bounds specified by the caller or the bounds of
the memory allocated to hold the request read from the client, so could
read or write past the bounds of allocated memory while processing the
request. These calls all occur only after a client has successfully
authenticated itself.
Introduced in X11R6.0 (1994).