SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2008-2362

Date: (C)2008-06-16 (M)2023-12-22

Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

SECTRACK-1020245

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=720

http://www.securityfocus.com/archive/1/493548/100/0/threaded

http://www.securityfocus.com/archive/1/493550/100/0/threaded

SUNALERT-238686

APPLE-SA-2009-02-12

SUSE-SA:2008:027

SUSE-SR:2008:019

http://lists.freedesktop.org/archives/xorg/2008-June/036026.html

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff

http://support.apple.com/kb/HT3438

http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201

https://issues.rpath.com/browse/RPL-2607

https://issues.rpath.com/browse/RPL-2619

oval:org.mitre.oval:def:11246

oval:org.mitre.oval:def:8313
oval:org.secpod.oval:def:301595
oval:org.secpod.oval:def:301416

© SecPod Technologies