CVE-2008-2362 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-2362
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-2362

Description: Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-616-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1 ST 1020245 SAID Secunia Advisory: SA33937 Secunia Advisory: SA31025 Secunia Advisory: SA32099 Secunia Advisory: SA31109 Secunia Advisory: SA30843 Secunia Advisory: SA30809 Secunia Advisory: SA30772 Secunia Advisory: SA30715 Secunia Advisory: SA30627 Secunia Advisory: SA30671 Secunia Advisory: SA30666 Secunia Advisory: SA30664 Secunia Advisory: SA30659 Secunia Advisory: SA30630 Secunia Advisory: SA30637 REDHAT http://rhn.redhat.com/errata/RHSA-2008-0504.html MLIST http://lists.freedesktop.org/archives/xorg/2008-June/036026.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:179 http://www.mandriva.com/security/advisories?name=MDVSA-2008:116 IDEFENSE http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=720 GENTOO http://security.gentoo.org/glsa/glsa-200806-07.xml http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml DEBIAN http://www.debian.org/security/2008/dsa-1595 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm http://support.apple.com/kb/HT3438 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/493550/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/493548/100/0/threaded BID 29670 APPLE http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

Return to the previous page.