Lucene search

[email protected]CVE-2006-1526

HistoryMay 02, 2006 - 9:06 p.m.

CVE-2006-1526

2006-05-0221:06:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-1526

buffer overflow

x render extension

x.org x server 6.8.0

denial of service

xcb xcb/xcb-demo

memory allocation

typo

expression

incorrect cve number

6.4 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

39.8%

JSON

Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a “&” instead of a “*” operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.

CPENameOperatorVersion
x.org:x11r6x.org x11r6eq6.8.1
x.org:x11r6x.org x11r6eq6.7.0
x.org:x11r6x.org x11r6eq6.8
x.org:x11r6x.org x11r6eq6.9

CPE	Name	Operator	Version
x.org:x11r6	x.org x11r6	eq	6.8.1
x.org:x11r6	x.org x11r6	eq	6.7.0
x.org:x11r6	x.org x11r6	eq	6.8
x.org:x11r6	x.org x11r6	eq	6.9

References

lists.freedesktop.org/archives/xorg/2006-May/015136.html

secunia.com/advisories/19900

secunia.com/advisories/19915

secunia.com/advisories/19916

secunia.com/advisories/19921

secunia.com/advisories/19943

secunia.com/advisories/19951

secunia.com/advisories/19956

secunia.com/advisories/19983

securitytracker.com/id?1016018

sunsolve.sun.com/search/document.do?assetkey=1-26-102339-1

www.gentoo.org/security/en/glsa/glsa-200605-02.xml

www.kb.cert.org/vuls/id/633257

www.mandriva.com/security/advisories?name=MDKSA-2006:081

www.novell.com/linux/security/advisories/2006_05_03.html

www.openbsd.org/errata38.html#xorg

www.redhat.com/support/errata/RHSA-2006-0451.html

www.securityfocus.com/archive/1/436327/100/0/threaded

www.securityfocus.com/bid/17795

www.trustix.org/errata/2006/0024

www.vupen.com/english/advisories/2006/1617

bugs.freedesktop.org/show_bug.cgi?id=6642

exchange.xforce.ibmcloud.com/vulnerabilities/26200

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9929

usn.ubuntu.com/280-1/

6.4 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

39.8%

JSON

Related for CVE-2006-1526

suse1 openvas8 nessus10 securityvulns1 centos1 cert1 redhat1 gentoo1 ubuntu1 prion1 debiancve1 altlinux1 ubuntucve1 fedora2 slackware1