- Description
- The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5.5
- Impact score
- 6.9
- Exploitability score
- 5.1
- Vector string
- AV:A/AC:L/Au:S/C:N/I:N/A:C
- Hype score
- Not currently trending
- Red HatRed Hat does not consider a user assisted client crash such as this to be a security flaw.
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:x.org:x_window_system:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0E7535CA-05CF-427D-B324-DDFE54DA4868"
},
{
"criteria": "cpe:2.3:a:x.org:x_window_system:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B61EBB36-ECE3-4993-8CAB-635D0857C962"
},
{
"criteria": "cpe:2.3:a:x.org:x_window_system:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6DF46699-CFDF-4D0F-9418-AE02D13D63DB"
},
{
"criteria": "cpe:2.3:a:x.org:xserver:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4BE67E87-FC3F-4BF6-A717-48888DECBAD7",
"versionEndIncluding": "1.3.0"
}
],
"operator": "OR"
}
]
}
]