Description
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References (11)
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDHYZM6FII35JA7J275MFCJO6ADJUPQX/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57DCF726O5LLTST4NBL5PQ7DLPB46HT/
Third Party Advisory vendor-advisory
https://www.debian.org/security/2021/dsa-5027
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/12/msg00035.html
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKLSZCY47QK4RCJFXITYFALCGPJAFXOK/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXTRPFEQLFZ6NT2LPLZEID664RGC3OCC/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220114-0004/
Third Party Advisory, VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-1547/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202305-30
Scores
CVSS v3: 7.8
EPSS: 0.0007
EPSS Percentile: 22.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-119
Status: published
Products (8)
debian/debian_linux: 9.0
debian/debian_linux: 10.0
debian/debian_linux: 11.0
fedoraproject/fedora: 34
fedoraproject/fedora: 35
x.org/x_server: 21.1.0
x.org/x_server: 21.1.1
x.org/x_server: < 1.20.14
Published: Dec 17, 2021
Tracked Since: Feb 18, 2026