AZL-39112

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-39112.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-39112

Upstream

CVE-2024-31082

Published

2024-04-04T14:15:10Z

Modified

2026-04-01T05:13:23.427439Z

Summary

CVE-2024-31082 affecting package xorg-x11-server for versions less than 1.20.10-11

Details

A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-31082

Affected packages

Azure Linux:2 / xorg-x11-server

Package

Name: xorg-x11-server
Purl: pkg:rpm/azure-linux/xorg-x11-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.20.10-11

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-39112.json"