Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Pixman | Pixman | * | 0.31.2 (excluding) |