CVE-2008-2362
published 2008-06-16CVE-2008-2362: Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1)…
critical10CVSS 3.1
AVNACLAuNCCICAC
Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xorg-server | < xorg-server 2:1.4.1~git20080517-2 (bookworm) | xorg-server 2:1.4.1~git20080517-2 (bookworm) |
| x.org | xorg-server | >= 0 < 2:1.4.1~git20080517-2 | 2:1.4.1~git20080517-2 |
| x.org | xorg-server | >= 0 < 2:1.4.1~git20080517-2 | 2:1.4.1~git20080517-2 |
| x.org | xorg-server | >= 0 < 2:1.4.1~git20080517-2 | 2:1.4.1~git20080517-2 |
| x.org | xorg-server | >= 0 < 2:1.4.1~git20080517-2 | 2:1.4.1~git20080517-2 |
| x | x11 | — | — |
CVSS provenance
nvd10.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL