CVE-2008-2362

Publication date 13 June 2008

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

Description

Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.

Status

Package Ubuntu Release Status
xorg-server 8.04 LTS hardy
Fixed 2:1.4.1~git20080131-1ubuntu9.2
7.10 gutsy
Fixed 2:1.3.0.0.dfsg-12ubuntu8.4
7.04 feisty
Fixed 2:1.2.0-3ubuntu8.4
6.06 LTS dapper
Fixed 1:1.0.2-0ubuntu10.13

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
xorg-server

References

Related Ubuntu Security Notices (USN)

    • USN-616-1
    • X.org vulnerabilities
    • 13 June 2008

Other references