PT-2007-3768 · X.Org · Xserver+1

Published

2007-05-02

Updated

2017-07-29

CVE-2007-2437

CVSS v2.0

5.5

Medium

Vector

AV:A/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions X.org X Window System versions 7.0 through 7.2 Xserver version 1.3.0 and earlier

Description The issue allows remote authenticated users to cause a denial of service, resulting in a daemon crash. This is achieved by providing crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.

Recommendations For X.org X Window System versions 7.0 through 7.2, consider disabling the XRenderCompositeTrapezoids and XRenderAddTraps functions as a temporary workaround until a patch is available. For Xserver version 1.3.0 and earlier, restrict access to the Xrender extension to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2437

Affected Products

X.Org X Window System

Xserver

PT-2007-3768 · X.Org · Xserver+1

CVE-2007-2437

Related Identifiers

Affected Products

References · 15