A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.
Credits
Red Hat would like to thank Julian Suleder and Nils Emmerich for reporting this issue.
