CVE-2006-1526

9 documents, 8 sources
Severity: 2.1 LOW
EPSS: 0.4% (top 36.69%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 2
Latest update: May 1

Description

Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.

CVSS vector

AV:L/AC:L/C:N/I:N/A:P
Exploitability: 3.9 | Impact: 2.9

Affected Packages: 2 packages

Debian xorg-server < 1:1.0.2-8+3
NVD x.org/x11r64 versions+3

Patches

Vulnerability Details (3)

GHSA: GHSA-h3hm-p5jw-xp4h: Buffer overflow in the X render (Xrender) extension in X (2022-05-01)
CVEList: CVE-2006-1526: Buffer overflow in the X render (Xrender) extension in X (2006-05-02)
OSV: CVE-2006-1526: Buffer overflow in the X render (Xrender) extension in X (2006-05-02)

Vendor Advisories (3)

Ubuntu: X.org server vulnerability (2006-05-04)
Red Hat: security flaw (2006-05-02)
Debian: CVE-2006-1526: xorg-server - Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up t... (2006)

Community (2)

Bugzilla: CVE-2006-1526 security flaw (2018-08-16)
Bugzilla: CVE-2006-1526 X.Org buffer overflow (2006-04-24)