Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2437 — Xserver vulnerability

7 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

3.8%

top 11.95%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

X.org Xorg-server X.org Xserver X.org X Window System

Timeline

PublishedMay 2

Latest updateMay 1

Description

The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 5.1 | Impact: 6.9

Affected Packages3 packages

▶NVDx.org/x_window_system7.0, 7.1, 7.2+2

▶NVDx.org/xserver1.3.0

▶Debianx.org/xorg-server< 2:1.3.0.0.dfsg-4+3

Patches

Patch: www.rapid7.com ↗Patch: www.securitytracker.com ↗Patch: www.rapid7.com ↗

🔴Vulnerability Details

GHSA

GHSA-j82p-p2jg-jj2f: The X render (Xrender) extension in X↗2022-05-01

▶

OSV

CVE-2007-2437: The X render (Xrender) extension in X↗2007-05-02

▶

CVEList

CVE-2007-2437: The X render (Xrender) extension in X↗2007-05-02

▶

💥Exploits & PoCs

Exploit-DB

X.Org X Window System Xserver 1.3 - XRender Extension Divide by Zero Denial of Service↗2007-05-01

▶

📋Vendor Advisories

Debian

CVE-2007-2437: xorg-server - The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, wit...↗2007

▶

Red Hat

CVE-2007-2437: The X render (Xrender) extension in X↗

▶