CVE-2007-2437

Published May 2, 2007

Last updated 7 years ago

Overview

Description: The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.5
Impact score: 6.9
Exploitability score: 5.1
Vector string: AV:A/AC:L/Au:S/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Vendor comments

Red HatRed Hat does not consider a user assisted client crash such as this to be a security flaw.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:x.org:x_window_system:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E7535CA-05CF-427D-B324-DDFE54DA4868"
          },
          {
            "criteria": "cpe:2.3:a:x.org:x_window_system:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B61EBB36-ECE3-4993-8CAB-635D0857C962"
          },
          {
            "criteria": "cpe:2.3:a:x.org:x_window_system:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DF46699-CFDF-4D0F-9418-AE02D13D63DB"
          },
          {
            "criteria": "cpe:2.3:a:x.org:xserver:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BE67E87-FC3F-4BF6-A717-48888DECBAD7",
            "versionEndIncluding": "1.3.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Vendor comments

Configurations

References