CVE-2008-2362

X.org Render extension input validation flaw causing memory corruption

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-05-21 CVE Reserved
  • 2008-06-11 CVE Published
  • 2024-06-22 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-189: Numeric Errors
CAPEC
References (44)
URL Tag Source
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=720 Third Party Advisory
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html Mailing List
http://secunia.com/advisories/30671 Third Party Advisory
http://secunia.com/advisories/30715 Third Party Advisory
http://secunia.com/advisories/30772 Third Party Advisory
http://secunia.com/advisories/30809 Third Party Advisory
http://secunia.com/advisories/30843 Third Party Advisory
http://secunia.com/advisories/31025 Third Party Advisory
http://secunia.com/advisories/31109 Third Party Advisory
http://secunia.com/advisories/32099 Third Party Advisory
http://secunia.com/advisories/33937 Third Party Advisory
http://securitytracker.com/id?1020245 Vdb Entry
http://support.apple.com/kb/HT3438 X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm X_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 X_refsource_confirm
http://www.securityfocus.com/archive/1/493548/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/493550/100/0/threaded Mailing List
http://www.vupen.com/english/advisories/2008/1803 Vdb Entry
http://www.vupen.com/english/advisories/2008/1833 Vdb Entry
http://www.vupen.com/english/advisories/2008/1983/references Vdb Entry
https://issues.rpath.com/browse/RPL-2607 X_refsource_confirm
https://issues.rpath.com/browse/RPL-2619 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11246 Signature
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
X X11 r7.3 - Affected