CVSS: 6.6 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 Sep 2022 — An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where va... • https://gitlab.freedesktop.org/wayland/wayland/-/issues/224 • CWE-190: Integer Overflow or Wraparound • CWE-416: Use After Free