Denial of Service Vulnerability in X.Org Server Software
CVE-2015-3418

7.5HIGH

Key Information:

Vendor

X.org

Status
Xorg-server
Vendor
CVE Published:
13 December 2016

What is CVE-2015-3418?

The ProcPutImage function in the X.Org Server is susceptible to a vulnerability that can be exploited by sending a zero-height PutImage request. This can result in a denial of service, causing the server to experience a divide-by-zero error, which ultimately leads to a crash. This vulnerability affects versions of the X.Org Server prior to 1.16.4, making it essential for users to upgrade to avoid potential attacks.

References

http://www.securityfocus.com/bid/74328
vdb-entryx_refsource_BID
https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc77...
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201701-64
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.