Vulnerability CVE-2007-2437


Published: 2007-05-02   Modified: 2012-02-12

Description:
The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.

Vendor: X.org
Product: X window system 
Version:
7.2
7.1
7.0
Product: Xserver 
Version: 1.3.0;

CVSS2 => (AV:A/AC:L/Au:S/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.5/10
6.9/10
5.1/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://www.securitytracker.com/id?1017984
http://www.rapid7.com/advisories/R7-0027.jsp
http://xforce.iss.net/xforce/xfdb/33976
http://www.vupen.com/english/advisories/2007/1658
http://www.vupen.com/english/advisories/2007/1601
http://osvdb.org/34905
http://www.securityfocus.com/bid/23741
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200067-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102901-1
http://secunia.com/advisories/25121

Related CVE
CVE-2018-14665
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate the...
CVE-2018-14600
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.
CVE-2018-14599
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.
CVE-2018-14598
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation f...
CVE-2017-2624
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations ret...
CVE-2017-12187
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12186
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12185
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Copyright 2019, cxsecurity.com

 

Back to Top