The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.
Weakness
The product divides a value by zero.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| X_server | X.org | * | 1.16.3 (including) |
| Red Hat Enterprise Linux 6 | RedHat | xorg-x11-server-0:1.15.0-36.el6 | * |
| Xorg-server | Ubuntu | devel | * |
| Xorg-server | Ubuntu | esm-infra-legacy/trusty | * |
| Xorg-server | Ubuntu | lucid | * |
| Xorg-server | Ubuntu | precise | * |
| Xorg-server | Ubuntu | trusty | * |
| Xorg-server | Ubuntu | trusty/esm | * |
| Xorg-server | Ubuntu | upstream | * |
| Xorg-server | Ubuntu | utopic | * |
| Xorg-server | Ubuntu | vivid | * |
| Xorg-server-lts-quantal | Ubuntu | precise | * |
| Xorg-server-lts-raring | Ubuntu | precise | * |
| Xorg-server-lts-saucy | Ubuntu | precise | * |
| Xorg-server-lts-trusty | Ubuntu | precise | * |
References
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.securityfocus.com/bid/74328
- https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b
- https://lists.x.org/archives/xorg-announce/2015-February/002532.html
- https://security.gentoo.org/glsa/201701-64
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.securityfocus.com/bid/74328
- https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b
- https://lists.x.org/archives/xorg-announce/2015-February/002532.html
- https://security.gentoo.org/glsa/201701-64