CVE-2006-1526 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-1526
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-1526

Description: Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26200 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-280-1 TRUSTIX http://www.trustix.org/errata/2006/0024 SUSE http://www.novell.com/linux/security/advisories/2006_05_03.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102339-1 ST 1016018 SAID Secunia Advisory: SA19983 Secunia Advisory: SA19956 Secunia Advisory: SA19951 Secunia Advisory: SA19916 Secunia Advisory: SA19900 Secunia Advisory: SA19943 Secunia Advisory: SA19921 Secunia Advisory: SA19915 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0451.html OPENBSD http://www.openbsd.org/errata38.html#xorg MLIST http://lists.freedesktop.org/archives/xorg/2006-May/015136.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:081 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200605-02.xml FEDORA http://www.securityfocus.com/archive/1/archive/1/436327/100/0/threaded CONFIRM CERT-VN 633257 BID 17795

Return to the previous page.