ID CVE-2007-2437
Summary The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.
References
Vulnerable Configurations
  • cpe:2.3:a:x.org:x_window_system:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:x.org:x_window_system:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:x.org:x_window_system:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:x.org:xserver:*:*:*:*:*:*:*:*
CVSS
Base: 5.5 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: ADJACENT_NETWORK
  • Complexity: LOW
  • Authentication: SINGLE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: COMPLETE
cvss-vector via4 AV:A/AC:L/Au:S/C:N/I:N/A:C
refmap via4
bid 23741
misc http://www.rapid7.com/advisories/R7-0027.jsp
osvdb 34905
sectrack 1017984
secunia 25121
sunalert
  • 102901
  • 200067
vupen
  • ADV-2007-1601
  • ADV-2007-1658
xf xorg-xrender-dos(33976)
statements via4
contributor Joshua Bressers
lastmodified 2007-05-25
organization Red Hat
statement Red Hat does not consider a user assisted client crash such as this to be a security flaw.
Last major update 29-07-2017 - 01:31
Published 02-05-2007 - 10:19
Last modified 29-07-2017 - 01:31