製品・ソフトウェアに関する情報

JVN脆弱性詳細

X.Org xserver の Render 拡張における任意のメモリを読まれる脆弱性

Title	X.Org xserver の Render 拡張における任意のメモリを読まれる脆弱性
Summary	X.Org xserver の Render 拡張 (render/render.c) 内の ProcRenderAddGlyphs 関数には、任意のメモリを読まれる、およびサービス運用妨害 (サーバクラッシュ) 状態となる脆弱性が存在します。
Possible impacts	ローカルユーザにより、任意のメモリを読まれる、およびサービス運用妨害 (サーバクラッシュ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 20, 2010, midnight
Registration Date	Sept. 7, 2012, 4:51 p.m.
Last Update	Sept. 7, 2012, 4:51 p.m.

Affected System

X.Org Foundation

X.Org X Server 1.7.7 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-4819	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4819
National Vulnerability Database (NVD)
2	CVE-2010-4819	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4819

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
freedesktop.org
1	Bugzilla - Bug 28801	https://bugs.freedesktop.org/show_bug.cgi?id=28801
2	render: Bounds check for nglyphs in ProcRenderAddGlyphs (#28801)	http://cgit.freedesktop.org/xorg/xserver/commit/render/render.c?id=5725849a1b427cd4a72b84e57f211edb35838718
IBM SECURITY ADVISORY
3	Memory leak vulnerability in AIX X-server	http://aix.software.ibm.com/aix/efixes/security/X_advisory2.asc
Red Hat Security Advisory
4	RHSA-2011:1359	http://rhn.redhat.com/errata/RHSA-2011-1359.html
5	RHSA-2011:1360	http://rhn.redhat.com/errata/RHSA-2011-1360.html

Change Log

No	Changed Details	Date of change
0	[2012年09月07日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-4819

Summary	The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw."
Publication Date	Sept. 6, 2012, 8:55 a.m.
Registration Date	Jan. 29, 2021, 11:10 a.m.
Last Update	Nov. 21, 2024, 10:21 a.m.

Affected software configurations

Related information, measures and tools

No	URL	refsource	タグ
1	http://aix.software.ibm.com/aix/efixes/security/X_advisory2.asc
2	http://cgit.freedesktop.org/xorg/xserver/commit/render/render.c?id=5725849a1b427cd4a72b84e57f211edb35838718
3	http://rhn.redhat.com/errata/RHSA-2011-1359.html
4	http://rhn.redhat.com/errata/RHSA-2011-1360.html
5	http://securitytracker.com/id?1026149
6	http://www.openwall.com/lists/oss-security/2011/09/22/8
7	http://www.openwall.com/lists/oss-security/2011/09/23/5
8	https://bugs.freedesktop.org/show_bug.cgi?id=28801
9	http://aix.software.ibm.com/aix/efixes/security/X_advisory2.asc
10	https://bugs.freedesktop.org/show_bug.cgi?id=28801
11	http://www.openwall.com/lists/oss-security/2011/09/23/5
12	http://www.openwall.com/lists/oss-security/2011/09/22/8
13	http://securitytracker.com/id?1026149
14	http://rhn.redhat.com/errata/RHSA-2011-1360.html
15	http://rhn.redhat.com/errata/RHSA-2011-1359.html
16	http://cgit.freedesktop.org/xorg/xserver/commit/render/render.c?id=5725849a1b427cd4a72b84e57f211edb35838718

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html