CyberSec.Space Logo
Back to CVE Browser

CVE-2012-1699

LOW
3.6
CVSS Severity Score
EPSS Score0.0290%
EPSS Percentile41.69th
PublishedDec 21, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference.

Affected Platforms (CPE)

πŸ“¦
X

X.org X11

= 6.0
πŸ“¦
X

X.org X11

= 6.1
πŸ“¦
X

X.org X11

= 6.3
πŸ“¦
X

X.org X11

= 6.4
πŸ“¦
X

X.org X11

= 6.5.1
πŸ“¦
X

X.org X11

= 6.6
πŸ“¦
Xfree86

Xfree86

<= 3.3.2

References & Advisories

πŸ”— http://invisible-island.net/ansification/ansify-xfs-cve.html
πŸ”— http://lists.freedesktop.org/archives/xorg-announce/2012-July/002040.html
πŸ”— http://marc.info/?l=bugtraq&m=135765511704334&w=2
πŸ”— http://twitter.com/bsdaemon/status/228958599790071809
πŸ”— https://blogs.oracle.com/sunsecurity/entry/cve_2012_1699_denial_of
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=842841
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19369
πŸ”— http://invisible-island.net/ansification/ansify-xfs-cve.html

Related Vulnerabilities

CVE-2012-525510.0

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 ...

CVE-2012-525610.0

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11....

CVE-2012-280410.0

Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack ...

CVE-2012-526010.0

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 ...