CVE-2008-2361

Publication date 16 June 2008

Last updated 24 July 2024

Description

Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
xorg-server	8.04 LTS hardy	Fixed 2:1.4.1~git20080131-1ubuntu9.2
	7.10 gutsy	Fixed 2:1.3.0.0.dfsg-12ubuntu8.4
	7.04 feisty	Fixed 2:1.2.0-3ubuntu8.4
	6.06 LTS dapper	Fixed 1:1.0.2-0ubuntu10.13

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
xorg-server	Upstream: ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2361.diff

References

Related Ubuntu Security Notices (USN)

USN-616-1
X.org vulnerabilities
13 June 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2008-2361