Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.1
CVE Id CVE-2006-1526
Last Modified 07 Mar 2011 09:33:15
Published 02 May 2006 05:06:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-1526

Summary

Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.

Vulnerable Systems

Application

  • X.org X11r6 6.7.0

  • X.org X11r6 6.8

  • X.org X11r6 6.8.1

  • X.org X11r6 6.9


References

CERT-VN - VU#633257

REDHAT - RHSA-2006:0451

SUSE - SUSE-SA:2006:023

GENTOO - GLSA-200605-02

SECUNIA - 19956

SECUNIA - 19951

SECUNIA - 19943

SECUNIA - 19921

SECUNIA - 19916

SECUNIA - 19915

SECUNIA - 19900

MLIST - [xorg] 20060502 [CVE-2006-1525] X.Org security advisory: Buffer overflow in the Xrender extension

CONFIRM - https://bugs.freedesktop.org/show_bug.cgi?id=6642

VUPEN - ADV-2006-1617

UBUNTU - USN-280-1

OPENBSD - [3.8] 007: SECURITY FIX: May 2, 2006

SECTRACK - 1016018

XF - xorg-xrender-bo(26200)

TRUSTIX - 2006-0024

BID - 17795

FEDORA - FLSA:190777

MANDRIVA - MDKSA-2006:081

SUNALERT - 102339

SECUNIA - 19983


Last Updated: 27 May 2016 10:42:06