DEBIAN-CVE-2023-5574

DEBIAN-CVE-2023-5574 PUBLISHED CVSS 7 HIGH

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.

Risk Scores

CVSS 3.1

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:11	xorg-server	1.20.11-1, ,
Debian:13	xorg-server	*, 2:21.1.22-1, 2:21.1.18-2
Debian:12	xorg-server	2:21.1.22-1, 2:21.1.7-3+deb12u1, 2:21.1.7-3+deb12u10
Debian:14	xorg-server	*, 2:21.1.22-1, 2:21.1.21-1

Exploit Intelligence

errata73.html (github-poc)

Timeline

Oct 25, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-5574 advisory

Open in Interactive Console →