libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.
The bug is related to two classes of vulnerabilities: stack-based buffer overflow (CWE-121) and NULL pointer dereference (CWE-476). Calling the glXGetDrawableScreen() function with appropriately crafted data from a malicious server can lead to a process segmentation violation. The mechanism assumes that the attacker controls the OpenGL/X11 server to which a client using the vulnerable library connects.
An attacker controlling the server can cause a client application crash (denial of service) or potentially execute arbitrary code in the context of the client process. The high CVSS score (9.8) reflects theoretical maximum impact, however the actual risk is disputed by the project creators.
Patches available from the vendor should be applied according to references — merge request no. 295 is available in the libglvnd project GitLab repository (gitlab.freedesktop.org/glvnd/libglvnd). The library should be updated to a version containing the fix.
OpenGL libglvnd library, revision bb06db5a (specific versions indicated in vendor references)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H