Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 487360 (CVE-2013-4396)

Summary: <x11-base/xorg-server-{1.9.5-r3,1.10.6-r3,1.11.4-r3,1.12.4-r2,1.13.4-r1,1.14.3-r2}: Use after free in Xserver handling of ImageText requests (CVE-2013-4396)
Product: Gentoo Security Reporter: Chí-Thanh Christopher Nguyễn <chithanh>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: polynomial-c, x11
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also:
Whiteboard: A3 [glsa]
Package list:
Runtime testing required: ---

Description Chí-Thanh Christopher Nguyễn gentoo-dev 2013-10-08 21:57:03 UTC
X.Org Security Advisory: October 8, 2013 - CVE-2013-4396
Use after free in Xserver handling of ImageText requests


Pedro Ribeiro (pedrib at reported an issue to the X.Org security
team in which an authenticated X client can cause an X server to use memory
after it was freed, potentially leading to crash and/or memory corruption.

Affected Versions

This bug appears to have been introduced in RCS version 1.42 on 1993/09/18,
and is thus believed to be present in every X server release starting with
X11R6.0 up to the current xorg-server 1.14.3.  (Manual inspection shows it
is present in the sources from the X11R6 tarballs, but not in those from the
X11R5 tarballs.)


A fix is available via the attached patch, which is intended to be included
in xorg-server 1.15.0 and 1.14.4.


X.Org thanks Pedro Ribeiro for reporting this issues to our security team at
xorg-security at
Comment 1 Chí-Thanh Christopher Nguyễn gentoo-dev 2013-10-10 11:56:37 UTC
Fixed in

Comment 2 Chí-Thanh Christopher Nguyễn gentoo-dev 2013-10-10 15:04:05 UTC
*** Bug 487536 has been marked as a duplicate of this bug. ***
Comment 3 Chí-Thanh Christopher Nguyễn gentoo-dev 2013-10-11 14:02:40 UTC
Arches, please stabilize the versions mentioned in comment 1.
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2013-10-11 15:44:51 UTC
For everything prior to 1.14.3 I have dropped HPPA keywording.
=x11-base/xorg-server-1.14.3-r2 is stable for HPPA.
Comment 5 Agostino Sarubbo gentoo-dev 2013-10-12 08:55:33 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-10-13 08:11:44 UTC
arm stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-10-14 06:00:46 UTC
alpha stable
Comment 8 Agostino Sarubbo gentoo-dev 2013-10-15 18:49:17 UTC
ia64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-10-16 19:31:56 UTC
ppc64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2013-10-21 17:37:23 UTC
x86 stable
Comment 11 Agostino Sarubbo gentoo-dev 2013-10-22 08:19:09 UTC
ppc and sparc stable
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2013-10-24 00:21:37 UTC
CVE-2013-4396 (
  Use-after-free vulnerability in the doImageText function in dix/dixfonts.c
  in the xorg-server module before 1.14.4 in X.Org X11 allows remote
  authenticated users to cause a denial of service (daemon crash) or possibly
  execute arbitrary code via a crafted ImageText request that triggers
  memory-allocation failure.
Comment 13 Sergey Popov gentoo-dev 2013-10-28 17:45:30 UTC
Thanks everyone, GLSA request filed

@maintainers: cleanup vulnerable versions, please
Comment 14 Chí-Thanh Christopher Nguyễn gentoo-dev 2013-10-28 17:56:57 UTC
Vulnerable versions have been removed from the tree.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2014-05-15 12:18:54 UTC
This issue was resolved and addressed in
 GLSA 201405-07 at
by GLSA coordinator Mikle Kolyada (Zlogene).