// For flags

CVE-2015-3418

Gentoo Linux Security Advisory 201701-64

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.

La función ProcPutImage en dix/dispatch.c en X.Org Server (también conocido como xserver y xorg-server) en versiones anteriores a 1.16.4 permite a atacantes provocar una denegación de servicio (división por cero y caída) a través de una solicitud PutImage de altura cero.

Multiple vulnerabilities have been found in X.Org X Server, the worst of which may allow authenticated attackers to read from or send information to arbitrary X11 clients. Versions less than 1.18.4 are affected.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-04-24 CVE Reserved
  • 2016-12-13 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-369: Divide By Zero
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
X.org
Search vendor "X.org"
 Xorg-server
Search vendor "X.org" for product "Xorg-server"
 <= 1.16.3
Search vendor "X.org" for product "Xorg-server" and version " <= 1.16.3"
-
Affected