CVE-2008-2361 — X11 vulnerability

CWE-1898 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

1.5%

top 18.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server Xorg X11

Timeline

PublishedJun 16

Latest updateMay 3

Description

Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 8.0 | Impact: 6.9

Affected Packages2 packages

▶Debianx.org/xorg-server< 2:1.4.1~git20080517-2+3

▶NVDxorg/x11r7.3

Patches

Patch: ftp.freedesktop.org ↗Patch: www.securityfocus.com ↗Patch: ftp.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-gvwx-pmvm-v23g: Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1↗2022-05-03

▶

OSV

CVE-2008-2361: Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1↗2008-06-16

▶

CVEList

CVE-2008-2361: Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1↗2008-06-16

▶

📋Vendor Advisories

Ubuntu

X.org vulnerabilities↗2008-06-13

▶

Red Hat

X.org Render extension ProcRenderCreateCursor() crash↗2008-06-11

▶

Debian

CVE-2008-2361: xorg-server - Integer overflow in the ProcRenderCreateCursor function in the Render extension ...↗2008

▶

💬Community

Bugzilla

CVE-2008-2361 X.org Render extension ProcRenderCreateCursor() crash↗2008-05-28

▶