CVE-2024-31083

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-31083

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-31083.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-31083

Downstream

BELL-CVE-2024-31083

DEBIAN-CVE-2024-31083

DLA-3787-1

DSA-5657-1

OESA-2024-1416

OESA-2024-2041

OESA-2024-2042

RHSA-2024:1785

RHSA-2024:2036

RHSA-2024:2037

RHSA-2024:2038

RHSA-2024:2039

RHSA-2024:2040

RHSA-2024:2041

RHSA-2024:2042

RHSA-2024:2080

RHSA-2024:2616

RHSA-2024:3258

RHSA-2024:3261

RHSA-2024:3343

RHSA-2024:9093

RHSA-2024:9122

RHSA-2025:12751

SUSE-SU-2024:1199-1

SUSE-SU-2024:1260-1

SUSE-SU-2024:1261-1

SUSE-SU-2024:1262-1

SUSE-SU-2024:1263-1

SUSE-SU-2024:1264-1

SUSE-SU-2024:1265-1

SUSE-SU-2024:2776-1

UBUNTU-CVE-2024-31083

USN-6721-1

openSUSE-SU-2024:13828-1

openSUSE-SU-2024:13829-1

Related

Published

2024-04-05T12:15:37Z

Modified

2025-08-09T20:01:26Z

Summary

[none]

Details

A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.

References

Affected packages