CVE-2006-1526
published 2006-05-02CVE-2006-1526: Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the…
low2.1CVSS 3.1
AVLACLAuNCNINAP
Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xorg-server | < xorg-server 1:1.0.2-8 (bookworm) | xorg-server 1:1.0.2-8 (bookworm) |
| x.org | x11r6 | — | — |
| x.org | x11r6 | — | — |
| x.org | x11r6 | — | — |
| x.org | x11r6 | — | — |
| x.org | xorg-server | >= 0 < 1:1.0.2-8 | 1:1.0.2-8 |
| x.org | xorg-server | >= 0 < 1:1.0.2-8 | 1:1.0.2-8 |
| x.org | xorg-server | >= 0 < 1:1.0.2-8 | 1:1.0.2-8 |
| x.org | xorg-server | >= 0 < 1:1.0.2-8 | 1:1.0.2-8 |
CVSS provenance
nvd2.1LOWAV:L/AC:L/Au:N/C:N/I:N/A:P
osv2.1LOW