CVE-2015-3418: Divide By Zero in X Server

CWE-369: Divide By Zero | 8 documents | 7 sources
Severity: 7.5 HIGH (NVD)
EPSS: 0.5% (top 34.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 13; latest update May 14

Description

The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

Debian: x.org/xorg-server < 2:1.16.4-1+3
NVD: x.org/x_server 1.16.3

🔴 Vulnerability Details (3)

GHSA: GHSA-p6c2-6v8p-34j6: The ProcPutImage function in dix/dispatch (2022-05-14)
OSV: CVE-2015-3418: The ProcPutImage function in dix/dispatch (2016-12-13)
CVEList: CVE-2015-3418: The ProcPutImage function in dix/dispatch (2016-12-13)

📋 Vendor Advisories (2)

Red Hat: xorg-x11-server: divide-by-zero when checking image dimensions (2015-04-24)
Debian: CVE-2015-3418: xorg-server - The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xor... (2015)

💬 Community (2)

Bugzilla: CVE-2015-3418 xorg-x11-server: divide-by-zero when checking image dimensions (2015-04-28)
Bugzilla: CVE-2015-3418 xorg-x11-server: divide-by-zero when calculating image height [fedora-all] (2015-04-28)