CVE-2022-3550 An issue in X.org Server was found, which involves the function _GetCountedString of xkb.c. The manipulation leads to a buffer overflow, which is recommended to fix.
A vulnerability was discovered in the function _XSendEvent of the file X.MFL. It allows a remote attacker to cause a denial-of-service condition. Affected by this vulnerability is the function _XSendEvent of the file X.MFL.Affected by this vulnerability is the function _XSendEvent of the file X.MFL. The manipulation leads to an infinite loop. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212078. A vulnerability was discovered in the function _XGetTimeOfDay of the file X.MFL. It allows a remote attacker to cause a denial-of-service condition. Affected by this vulnerability is the function _XGetTimeOfDay of the file X.MFL. The manipulation leads to an infinite loop. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212079. A vulnerability was discovered in the function _XSetCursor of the file X.MFL. It allows a remote attacker to cause a denial-of-service condition. Affected by this vulnerability is the function _XSetCursor of the file X.MFL. The manipulation leads to an infinite loop. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212081. A vulnerability was discovered in the function _X
Vulnerable Packages X.MFL
Vulnerable Packages
Related Overview of a Vulnerability
Vulnerabilities are introduced by developers when they create a new software or file. Developers may not be aware of what they are doing, which can lead to vulnerabilities. The most common type of vulnerability is the buffer overflow. A buffer overflow occurs when the size of a piece of data that has been allocated to store in memory is greater than the amount of space allocated for it. It's a problem because this piece of data overflows into other parts of your program's memory space and overwrites other parts causing them to malfunction or crash.
It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212082. A vulnerability was discovered in the function _XSetEventHandlerOf the file X.MFL. It allows a remote attacker to cause a denial-of-service condition. Affected by this vulnerability is the function _XSetEventHandlerOf the file X.MFL. The manipulation leads to an infinite loop. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212083
References:
-Vulnerability Database: CVE-2022-3550
-Vulnerability Database: VDB-212078, VDB-212079, VDB-212081
Timeline
Published on: 10/17/2022 13:15:00 UTC
Last modified on: 11/24/2022 04:15:00 UTC
References
- https://cgit.freedesktop.org/xorg/xserver/commit/?id=11beef0b7f1ed290348e45618e5fa0d2bffcb72e
- https://vuldb.com/?id.211051
- https://lists.debian.org/debian-lts-announce/2022/11/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXZZ6JBDBVBYPDI6DUTY6N36GNW37YHK/
- https://www.debian.org/security/2022/dsa-5278
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7W3NXSYK4P3XCZQBI3U6UWP4DPZIMRZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOEDFBYPSE3EMVHTEFCVEJD2R2Y5F2A5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QTPFVGYTOY4EWTJEBH3YGDTTU57FZAK/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3550