Remote Authenticated Denial of Service in X.org X Window System by XRender Extension
CVE-2007-2437

Currently unrated

Key Information:

Vendor: X.org
Status: X Window System; Xserver
Vendor: CVE Published:; 2 May 2007

What is CVE-2007-2437?

The XRender extension in X.org X Window System versions 7.0, 7.1, and 7.2, along with Xserver 1.3.0 and earlier, is susceptible to a denial of service vulnerability. This flaw enables remote authenticated users to manipulate crafted input values in specific XRender functions, including XRenderCompositeTrapezoids and XRenderAddTraps. When exploited, this vulnerability can trigger a divide-by-zero error, leading to the crashing of the X server daemon, thereby disrupting service and affecting system stability.

References

http://www.rapid7.com/advisories/R7-0027.jsp

x_refsource_MISC

http://www.vupen.com/english/advisories/2007/1658

vdb-entryx_refsource_VUPEN

http://www.vupen.com/english/advisories/2007/1601

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2007
Vulnerability Reserved
May 1, 2007