CVE-2004-0094
published 2004-03-15CVE-2004-0094: Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension…
PriorityP428high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
3.10%
86.1th percentile
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-g3xh-7cc5-g3q9: Integer signedness errors in XFree86 4
ghsa_unreviewed·2022-05-03
CVE-2004-0094 [HIGH] GHSA-g3xh-7cc5-g3q9: Integer signedness errors in XFree86 4
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
Red Hat
security flaw
vendor_redhat·2004-02-19·CVSS 7.5
CVE-2004-0094 [HIGH] security flaw
security flaw
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2004-0094 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2004-0094 [HIGH] CVE-2004-0094 security flaw
CVE-2004-0094 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
Bugzilla
CAN-2004-0093/094 DoS in XFree86 4.1.0
bugzilla·2004-03-19
[MEDIUM] CAN-2004-0093/094 DoS in XFree86 4.1.0
CAN-2004-0093/094 DoS in XFree86 4.1.0
Flaws in XFree86 4.1.0 allows remote attackers who are able to connect
to the X server to cause a denial of service via an out-of-bounds
array index or integer signedness error when using the GLX extension
and Direct Rendering Infrastructure (DRI). The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the names
CAN-2004-0093 and CAN-2004-0094 to these issues.
Updated packages will be available shortly.
Discussion:
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does not
ftp://patches.sgi.com/support/free/security/advisories/20040406-01-Uhttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000824http://www.debian.org/security/2004/dsa-443http://www.redhat.com/support/errata/RHSA-2004-152.htmlhttp://www.securityfocus.com/bid/9701https://exchange.xforce.ibmcloud.com/vulnerabilities/15273ftp://patches.sgi.com/support/free/security/advisories/20040406-01-Uhttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000824http://www.debian.org/security/2004/dsa-443http://www.redhat.com/support/errata/RHSA-2004-152.htmlhttp://www.securityfocus.com/bid/9701https://exchange.xforce.ibmcloud.com/vulnerabilities/15273
2004-03-15
Published