CVE-2008-2362 — Improper Input Validation in X11

CWE-189 CWE-20 — Improper Input Validation8 documents8 sources

Severity

10.0CRITICALNVD

EPSS

2.1%

top 16.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server X X11

Timeline

PublishedJun 16

Latest updateMay 3

Description

Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶Debianx.org/xorg-server< 2:1.4.1~git20080517-2+3

▶NVDx/x11r7.3

Patches

Patch: ftp.freedesktop.org ↗Patch: www.securityfocus.com ↗Patch: ftp.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-5qg4-c78v-h6f8: Multiple integer overflows in the Render extension in the X server 1↗2022-05-03

▶

CVEList

CVE-2008-2362: Multiple integer overflows in the Render extension in the X server 1↗2008-06-16

▶

OSV

CVE-2008-2362: Multiple integer overflows in the Render extension in the X server 1↗2008-06-16

▶

📋Vendor Advisories

Ubuntu

X.org vulnerabilities↗2008-06-13

▶

Red Hat

X.org Render extension input validation flaw causing memory corruption↗2008-06-11

▶

Debian

CVE-2008-2362: xorg-server - Multiple integer overflows in the Render extension in the X server 1.4 in X.Org ...↗2008

▶

💬Community

Bugzilla

CVE-2008-2362 X.org Render extension input validation flaw causing memory corruption↗2008-05-28

▶