10

CVE-2008-2362

Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XX11 Versionr7.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.57% 0.879
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://secunia.com/advisories/33937
http://support.apple.com/kb/HT3438
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html
http://secunia.com/advisories/30715
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
http://rhn.redhat.com/errata/RHSA-2008-0504.html
http://secunia.com/advisories/30627
Vendor Advisory
http://secunia.com/advisories/30630
Vendor Advisory
http://secunia.com/advisories/30637
Vendor Advisory
http://secunia.com/advisories/30659
Vendor Advisory
http://secunia.com/advisories/30664
Vendor Advisory
http://secunia.com/advisories/30666
Vendor Advisory
http://secunia.com/advisories/30671
http://secunia.com/advisories/30772
http://secunia.com/advisories/30809
http://secunia.com/advisories/30843
http://secunia.com/advisories/31025
http://secunia.com/advisories/31109
http://secunia.com/advisories/32099
http://security.gentoo.org/glsa/glsa-200806-07.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1
http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
http://www.debian.org/security/2008/dsa-1595
http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:116
http://www.securityfocus.com/archive/1/493548/100/0/threaded
http://www.securityfocus.com/archive/1/493550/100/0/threaded
http://www.ubuntu.com/usn/usn-616-1
http://www.vupen.com/english/advisories/2008/1803
http://www.vupen.com/english/advisories/2008/1833
http://www.vupen.com/english/advisories/2008/1983/references
https://issues.rpath.com/browse/RPL-2607
https://issues.rpath.com/browse/RPL-2619
http://www.mandriva.com/security/advisories?name=MDVSA-2008:179
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff
Patch
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=720
http://securitytracker.com/id?1020245
http://www.securityfocus.com/bid/29670
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11246