X Divide By Zero Error in Xrender Extension Lets Users Deny Service
|
SecurityTracker Alert ID: 1017984
|
SecurityTracker URL: http://securitytracker.com/id/1017984
|
CVE Reference:
CVE-2007-2437
|
Updated: May 4 2007
|
Original Entry Date: May 1 2007
|
Impact:
Denial of service via local system, Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 7.0, 7.1, 7.2
|
Description:
A vulnerability was reported in X. A remote or local user can cause denial of service conditions.
A remote or local user with access to the Xserver can cause the target Xserver to crash. The user can supply specially crafted values to the Xrender extension's XRenderCompositeTrapezoids() and XRenderAddTraps() functions to trigger a divide by zero error.
Derek Abdine of Rapid7 discovered this vulnerability.
The original advisory is available at:
http://www.rapid7.com/advisories/R7-0027.jsp
|
Impact:
A remote or local user with access to the Xserver can cause the target Xserver to crash.
|
Solution:
The vendor plans to issue a fixed version (Xserver 1.3.1 for X 7.2).
|
Vendor URL: www.x.org/
|
Cause:
State error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Mon, 30 Apr 2007 23:13:50 -0400
Subject: X
|
> Denial-of-Service in the Xrender Extension's Trapezoid Drawing Routines
http://www.rapid7.com/advisories/R7-0027.jsp
|