CVE-2007-2437
published 2007-05-02CVE-2007-2437: The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a…
medium5.5CVSS 3.1
AVAACLAuSCNINAC
EXPLOIT
The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xorg-server | < xorg-server 2:1.3.0.0.dfsg-4 (bookworm) | xorg-server 2:1.3.0.0.dfsg-4 (bookworm) |
| x.org | x_window_system | — | — |
| x.org | x_window_system | — | — |
| x.org | x_window_system | — | — |
| x.org | xorg-server | >= 0 < 2:1.3.0.0.dfsg-4 | 2:1.3.0.0.dfsg-4 |
| x.org | xorg-server | >= 0 < 2:1.3.0.0.dfsg-4 | 2:1.3.0.0.dfsg-4 |
| x.org | xorg-server | >= 0 < 2:1.3.0.0.dfsg-4 | 2:1.3.0.0.dfsg-4 |
| x.org | xorg-server | >= 0 < 2:1.3.0.0.dfsg-4 | 2:1.3.0.0.dfsg-4 |
| x.org | xserver | <= 1.3.0 | — |
CVSS provenance
nvd5.5MEDIUMAV:A/AC:L/Au:S/C:N/I:N/A:C
osv5.5MEDIUM