CVE-2006-0197: X.org vulnerability

4 documents, 4 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 0.4% (top 38.89%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 13
Latest update: May 1

Description

The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers to cause a denial of service (application crash) and possibly conduct other attacks.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: x.org/x.org 6.8.2

🔴Vulnerability Details

2
GHSA
GHSA-w29x-wmq5-qc5q: The XClientMessageEvent struct used in certain components of X (2022-05-01)
CVEList
CVE-2006-0197: The XClientMessageEvent struct used in certain components of X (2006-01-13)

💥Exploits & PoCs

1
Exploit-DB
Apple Mac OSX 10.4.8 - Apple Finder DMG Volume Name Memory Corruption (PoC) (2007-01-09)