Vulnerability CVE-2007-2437


Published: 2007-05-02   Modified: 2012-02-12

Description:
The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.

CVSS2 => (AV:A/AC:L/Au:S/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.5/10
6.9/10
5.1/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
X.org -> X window system 
X.org -> Xserver 

 References:
http://www.securitytracker.com/id?1017984
http://www.rapid7.com/advisories/R7-0027.jsp
http://xforce.iss.net/xforce/xfdb/33976
http://www.vupen.com/english/advisories/2007/1658
http://www.vupen.com/english/advisories/2007/1601
http://osvdb.org/34905
http://www.securityfocus.com/bid/23741
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200067-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102901-1
http://secunia.com/advisories/25121

Copyright 2024, cxsecurity.com

 

Back to Top