CVE-2008-2362

2008-06-16 21:41:00 2018-10-11 22:40:43

Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

X X11 R7.3 (not an official CPE)

X - X11

Advisory	Patch	Confirmed	Link
			https://issues.rpath.com/browse/RPL-2619
			https://issues.rpath.com/browse/RPL-2607
			ADV-2008-1983
			USN-616-1
			ADV-2008-1803
			ADV-2008-1833
			29670
			20080620 rPSA-2008-0200-1 xorg-server
			20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x...
			MDVSA-2008:179
			MDVSA-2008:116
			GLSA-200807-07
			DSA-1595
			http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
			http://support.avaya.com/elmodocs2/security/ASA-2008-249...
			http://support.apple.com/kb/HT3438
			1020245
			238686
			GLSA-200806-07
			RHSA-2008:0504
			SUSE-SR:2008:019
			SUSE-SA:2008:027
			[xorg] 20080611 X.Org security advisory june 2008 - Mult...
			20080611 Multiple Vendor X Server Render Extension Gradi...
			APPLE-SA-2009-02-12
			ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-...

CVE-2008-2362

2008-06-16 21:41:00 2018-10-11 22:40:43

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)