CVE-2008-2360 — Heap-based Buffer Overflow in X11

CWE-189 CWE-122 — Heap-based Buffer Overflow8 documents8 sources

Severity

9.0CRITICALNVD

EPSS

1.9%

top 16.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server X X11

Timeline

PublishedJun 16

Latest updateMay 3

Description

Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages2 packages

▶Debianx.org/xorg-server< 2:1.4.1~git20080517-2+3

▶NVDx/x11r7.3

Patches

Patch: ftp.freedesktop.org ↗Patch: lists.freedesktop.org ↗Patch: lists.opensuse.org ↗

🔴Vulnerability Details

GHSA

GHSA-655r-4xf7-h526: Integer overflow in the AllocateGlyph function in the Render extension in the X server 1↗2022-05-03

▶

CVEList

CVE-2008-2360: Integer overflow in the AllocateGlyph function in the Render extension in the X server 1↗2008-06-16

▶

OSV

CVE-2008-2360: Integer overflow in the AllocateGlyph function in the Render extension in the X server 1↗2008-06-16

▶

📋Vendor Advisories

Ubuntu

X.org vulnerabilities↗2008-06-13

▶

Red Hat

X.org Render extension AllocateGlyph() heap buffer overflow↗2008-06-11

▶

Debian

CVE-2008-2360: xorg-server - Integer overflow in the AllocateGlyph function in the Render extension in the X ...↗2008

▶

💬Community

Bugzilla

CVE-2008-2360 X.org Render extension AllocateGlyph() heap buffer overflow↗2008-05-28

▶