The overflow would occur when a maliciously crafted string was passed to the function and lead to a crash or potentially arbitrary code execution. An attacker could leverage this vulnerability to execute code in the context of the user running the application, or in the context of the X server if X11 forwarding or remote access were enabled.

PicoC is a small, easy to use and fast Xorg server. It’s possible that attackers could leverage this vulnerability to execute code with system privileges on the affected system.

Additionally, PicoC is a small server with relatively few hardening features. A malicious user with elevated privileges could potentially exploit this vulnerability to gain access to elevated privileges.

Vuln-Tracker ID: 1319056

CVE ID: CVE-2018-10938, CVE-2018-10939, CVE-2018-10940, CVE-2018-10941, CVE-2018-10942, CVE-2018-10943, CVE-2018-10946, CVE-2018-10947, CVE-2018-10948, CVE-2018-10949, CVE-2018-10952, CVE-2018-10953, CVE-2018-10954, CVE-2018-10955, CVE-2018-10956, CVE-2018-10957, CVE-2018-10958, CVE-2018-10959, CVE-2018-10960, CVE-2018-10961, CVE-

Mitigation

The vulnerability can be mitigated by disabling X11 forwarding and remote access.

Vulnerability details

Type: Local

Impact: Elevation of privilege, remote code execution

CVE ID: CVE-2018-10938, CVE-2018-10939, CVE-2018-10940, CVE-2018-10941, CVE-2018-10942, CVE-2018-10943, CVE-2018-10946, CVE-2018-10947, CVE-2018-10948, CVE-2018-10949, CVE-2018

PicoC =

Small, easy to use
PicoC is a small, easy-to-use Xorg server.

Timeline

Published on: 11/08/2022 15:15:00 UTC
Last modified on: 11/08/2022 21:56:00 UTC

References