CVE Vulnerabilities

CVE-2006-1526

Published: May 02, 2006 | Modified: Oct 18, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a & instead of a * operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.

Affected Software

Name Vendor Start Version End Version
X11r6 X.org 6.7.0 6.7.0
X11r6 X.org 6.8 6.8
X11r6 X.org 6.8.1 6.8.1
X11r6 X.org 6.9 6.9
Red Hat Enterprise Linux 4 RedHat xorg-x11-0:6.8.2-1.EL.13.25.1 *
Xorg-server Ubuntu dapper *
Xorg-server Ubuntu devel *
Xorg-server Ubuntu edgy *
Xorg-server Ubuntu feisty *

References