CVE-2024-31082

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-31082
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-31082.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-31082
Downstream
Related
Published
2024-04-04T13:48:34.893Z
Modified
2026-05-08T04:53:49.301293Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H CVSS Calculator
Summary
Xorg-x11-server: heap buffer overread/data leakage in procappledricreatepixmap
Details

A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

Database specific 
{
    "cna_assigner": "redhat",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/31xxx/CVE-2024-31082.json",
    "cwe_ids": [
        "CWE-126"
    ]
}
References

Affected packages

Git / gitlab.freedesktop.org/xorg/xserver

Affected ranges

Type
GIT
Repo
https://gitlab.freedesktop.org/xorg/xserver
Events
Introduced
b1be72c5ca6cb98ba64637990b142be0f1710a19
Fixed
101caa1b03bc26b718f4618eb24104add5d14a4b
Database specific 
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "1.12.0"
        },
        {
            "fixed": "21.1.12"
        }
    ]
}

Affected versions

xorg-server-1.*
xorg-server-1.12.0
xorg-server-1.12.99.901
xorg-server-1.12.99.902
xorg-server-1.12.99.903
xorg-server-1.12.99.904
xorg-server-1.12.99.905
xorg-server-1.13.0
xorg-server-1.13.99.901
xorg-server-1.13.99.902
xorg-server-1.14.0
xorg-server-1.14.99.1
xorg-server-1.14.99.2
xorg-server-1.14.99.3
xorg-server-1.14.99.901
xorg-server-1.14.99.902
xorg-server-1.14.99.903
xorg-server-1.14.99.904
xorg-server-1.14.99.905
xorg-server-1.15.0
xorg-server-1.15.99.901
xorg-server-1.15.99.902
xorg-server-1.15.99.903
xorg-server-1.15.99.904
xorg-server-1.16.0
xorg-server-1.16.99.901
xorg-server-1.16.99.902
xorg-server-1.17.0
xorg-server-1.17.99.901
xorg-server-1.17.99.902
xorg-server-1.18.0
xorg-server-1.18.99.2
xorg-server-1.18.99.901
xorg-server-1.18.99.902
xorg-server-1.19.0
xorg-server-1.19.99.901
xorg-server-1.19.99.902
xorg-server-1.19.99.903
xorg-server-1.19.99.904
xorg-server-1.19.99.905
xorg-server-1.20.0
xorg-server-21.*
xorg-server-21.0.99.1
xorg-server-21.0.99.901
xorg-server-21.0.99.902
xorg-server-21.1.0
xorg-server-21.1.1
xorg-server-21.1.10
xorg-server-21.1.11
xorg-server-21.1.2
xorg-server-21.1.3
xorg-server-21.1.4
xorg-server-21.1.5
xorg-server-21.1.6
xorg-server-21.1.7
xorg-server-21.1.8
xorg-server-21.1.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-31082.json"