CVE-2007-2437

Name of the Vulnerable Software and Affected Versions X.org X Window System versions 7.0 through 7.2 Xserver version 1.3.0 and earlier

Description The issue allows remote authenticated users to cause a denial of service, resulting in a daemon crash. This is achieved by providing crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.

Recommendations For X.org X Window System versions 7.0 through 7.2, consider disabling the XRenderCompositeTrapezoids and XRenderAddTraps functions as a temporary workaround until a patch is available. For Xserver version 1.3.0 and earlier, restrict access to the Xrender extension to minimize the risk of exploitation.