Search

Find a vulnerability

Search criteria

    11 vulnerabilities found for x11 by x

    VAR-201205-0381

    Vulnerability from variot - Updated: 2025-04-11 22:56

    Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name. X.Org is an open source implementation of the X.Org Foundation for the X Window System. X.Org is prone to a local format-string vulnerability. An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201207-04


                                            http://security.gentoo.org/
    

    Severity: High Title: X.Org X Server: Privilege escalation Date: July 09, 2012 Bugs: #412609 ID: 201207-04


    Synopsis

    A format string vulnerability in X.Org X Server may allow local privilege escalation or Denial of Service.

    NOTE: Exposure to this vulnerability is reduced in Gentoo due to X.Org X Server being built with "-D_FORTIFY_SOURCE=2" by default.

    Impact

    A local attacker could gain escalated privileges or cause a Denial of Service condition.

    Workaround

    There is no known workaround at this time.

    Resolution

    All X.Org X Server 1.11.x users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.11.4-r1"=

    All X.Org X Server 1.10.x users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.10.6-r1"=

    X.Org X Server 1.9.x is not affected.

    References

    [ 1 ] CVE-2012-2118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2118

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-201207-04.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-1502-1 July 11, 2012

    xorg-server vulnerability

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 12.04 LTS

    Summary:

    The X.Org X server could be made to crash if a specially crafted input device was added.

    The default compiler options for the affected release should reduce the vulnerability to a denial of service.

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 12.04 LTS: xserver-xorg-core 2:1.11.4-0ubuntu10.5

    After a standard system update you need to reboot your computer to make all the necessary changes.

    References: http://www.ubuntu.com/usn/usn-1502-1 CVE-2012-2118

    Package Information: https://launchpad.net/ubuntu/+source/xorg-server/2:1.11.4-0ubuntu10.5 .


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2118 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0299


    Updated Packages:

    Mandriva Business Server 1/X86_64: 00a312b53f5f738eb99136baa320b377 mbs1/x86_64/x11-server-1.11.4-12.1.mbs1.x86_64.rpm 5d7904e06c3ac9f9a2ec7ffc17e08e84 mbs1/x86_64/x11-server-common-1.11.4-12.1.mbs1.x86_64.rpm 0afd9ce4b40f61de739c6e044b18214d mbs1/x86_64/x11-server-devel-1.11.4-12.1.mbs1.x86_64.rpm cd0740f1c1b38629c715d4928b5b073c mbs1/x86_64/x11-server-source-1.11.4-12.1.mbs1.noarch.rpm f67e5502f5a3f539b63f3035b6d2bfeb mbs1/x86_64/x11-server-xdmx-1.11.4-12.1.mbs1.x86_64.rpm 0ade415fecb6b7025db51ca751713284 mbs1/x86_64/x11-server-xephyr-1.11.4-12.1.mbs1.x86_64.rpm e876de003069ff43554b5df2bb44a92c mbs1/x86_64/x11-server-xfake-1.11.4-12.1.mbs1.x86_64.rpm a063fca83d52a911533a0e65507593c5 mbs1/x86_64/x11-server-xfbdev-1.11.4-12.1.mbs1.x86_64.rpm d77deac2203fab6cd1dcff00bee9c706 mbs1/x86_64/x11-server-xnest-1.11.4-12.1.mbs1.x86_64.rpm 0d404052d4611a66228afadf3ce406c9 mbs1/x86_64/x11-server-xorg-1.11.4-12.1.mbs1.x86_64.rpm 28d31da41ae4293f0565a25c385058bd mbs1/x86_64/x11-server-xvfb-1.11.4-12.1.mbs1.x86_64.rpm f2c9457f6009e3d0f1b6cf29b575128f mbs1/SRPMS/x11-server-1.11.4-12.1.mbs1.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/en/support/security/advisories/

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

    iD8DBQFRZWOCmqjQ0CJFipgRAsWxAJwLgz1JpCiGvTEgKYKW/AC8wTjpsQCg6hrX 4uir2ZgG/O3KO+jNnlFYOpc= =4lwv -----END PGP SIGNATURE-----

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "x11",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "x",
            "version": "1.11"
          },
          {
            "_id": null,
            "model": "x.org",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "x",
            "version": "0"
          },
          {
            "_id": null,
            "model": "x.org x11",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "x",
            "version": "1.11"
          },
          {
            "_id": null,
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-7656"
          },
          {
            "db": "BID",
            "id": "53150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002467"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-425"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-2118"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:x.org:x.org_x11",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002467"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Kees Cook",
        "sources": [
          {
            "db": "BID",
            "id": "53150"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-425"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2012-2118",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2012-2118",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2012-7656",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2012-2118",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-2118",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2012-7656",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201204-425",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2012-2118",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-7656"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-2118"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002467"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-425"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-2118"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name. X.Org is an open source implementation of the X.Org Foundation for the X Window System. X.Org is prone to a local format-string vulnerability. \nAn attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201207-04\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: X.Org X Server: Privilege escalation\n     Date: July 09, 2012\n     Bugs: #412609\n       ID: 201207-04\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA format string vulnerability in X.Org X Server may allow local\nprivilege escalation or Denial of Service. \n\nNOTE: Exposure to this vulnerability is reduced in Gentoo due to X.Org\nX Server being built with \"-D_FORTIFY_SOURCE=2\" by default. \n\nImpact\n======\n\nA local attacker could gain escalated privileges or cause a Denial of\nService condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll X.Org X Server 1.11.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=x11-base/xorg-server-1.11.4-r1\"=\n\n\nAll X.Org X Server 1.10.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=x11-base/xorg-server-1.10.6-r1\"=\n\n\nX.Org X Server 1.9.x is not affected. \n\nReferences\n==========\n\n[ 1 ] CVE-2012-2118\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2118\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201207-04.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-1502-1\nJuly 11, 2012\n\nxorg-server vulnerability\n==========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n\nSummary:\n\nThe X.Org X server could be made to crash if a specially crafted input\ndevice was added. \n\nThe default compiler options for the affected release should reduce\nthe vulnerability to a denial of service. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n  xserver-xorg-core               2:1.11.4-0ubuntu10.5\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-1502-1\n  CVE-2012-2118\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/xorg-server/2:1.11.4-0ubuntu10.5\n. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2118\n https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0299\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 00a312b53f5f738eb99136baa320b377  mbs1/x86_64/x11-server-1.11.4-12.1.mbs1.x86_64.rpm\n 5d7904e06c3ac9f9a2ec7ffc17e08e84  mbs1/x86_64/x11-server-common-1.11.4-12.1.mbs1.x86_64.rpm\n 0afd9ce4b40f61de739c6e044b18214d  mbs1/x86_64/x11-server-devel-1.11.4-12.1.mbs1.x86_64.rpm\n cd0740f1c1b38629c715d4928b5b073c  mbs1/x86_64/x11-server-source-1.11.4-12.1.mbs1.noarch.rpm\n f67e5502f5a3f539b63f3035b6d2bfeb  mbs1/x86_64/x11-server-xdmx-1.11.4-12.1.mbs1.x86_64.rpm\n 0ade415fecb6b7025db51ca751713284  mbs1/x86_64/x11-server-xephyr-1.11.4-12.1.mbs1.x86_64.rpm\n e876de003069ff43554b5df2bb44a92c  mbs1/x86_64/x11-server-xfake-1.11.4-12.1.mbs1.x86_64.rpm\n a063fca83d52a911533a0e65507593c5  mbs1/x86_64/x11-server-xfbdev-1.11.4-12.1.mbs1.x86_64.rpm\n d77deac2203fab6cd1dcff00bee9c706  mbs1/x86_64/x11-server-xnest-1.11.4-12.1.mbs1.x86_64.rpm\n 0d404052d4611a66228afadf3ce406c9  mbs1/x86_64/x11-server-xorg-1.11.4-12.1.mbs1.x86_64.rpm\n 28d31da41ae4293f0565a25c385058bd  mbs1/x86_64/x11-server-xvfb-1.11.4-12.1.mbs1.x86_64.rpm \n f2c9457f6009e3d0f1b6cf29b575128f  mbs1/SRPMS/x11-server-1.11.4-12.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFRZWOCmqjQ0CJFipgRAsWxAJwLgz1JpCiGvTEgKYKW/AC8wTjpsQCg6hrX\n4uir2ZgG/O3KO+jNnlFYOpc=\n=4lwv\n-----END PGP SIGNATURE-----\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-2118"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002467"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-7656"
          },
          {
            "db": "BID",
            "id": "53150"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-2118"
          },
          {
            "db": "PACKETSTORM",
            "id": "114582"
          },
          {
            "db": "PACKETSTORM",
            "id": "114631"
          },
          {
            "db": "PACKETSTORM",
            "id": "121272"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-2118",
            "trust": 3.1
          },
          {
            "db": "BID",
            "id": "53150",
            "trust": 2.6
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2012/04/19/2",
            "trust": 1.7
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2012/04/18/8",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002467",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-7656",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "19404",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "74930",
            "trust": 0.6
          },
          {
            "db": "MLIST",
            "id": "[OSS-SECURITY] 20120418 RE: CVE REQUEST: XORG INPUT DEVICE FORMAT STRING FLAW",
            "trust": 0.6
          },
          {
            "db": "MLIST",
            "id": "[OSS-SECURITY] 20120418 CVE REQUEST: XORG INPUT DEVICE FORMAT STRING FLAW",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-425",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-2118",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "114582",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "114631",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "121272",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-7656"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-2118"
          },
          {
            "db": "BID",
            "id": "53150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002467"
          },
          {
            "db": "PACKETSTORM",
            "id": "114582"
          },
          {
            "db": "PACKETSTORM",
            "id": "114631"
          },
          {
            "db": "PACKETSTORM",
            "id": "121272"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-425"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-2118"
          }
        ]
      },
      "id": "VAR-201205-0381",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-7656"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-7656"
          }
        ]
      },
      "last_update_date": "2025-04-11T22:56:16.268000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "patch/10001",
            "trust": 0.8,
            "url": "http://patchwork.freedesktop.org/patch/10001/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.x.org/wiki/"
          },
          {
            "title": "Debian CVElist Bug Report Logs: CVE-2012-2118",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a4adb9729a486c893dd67000cd0d4860"
          },
          {
            "title": "Ubuntu Security Notice: xorg-server vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1502-1"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2012-2118"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002467"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002467"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-2118"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/53150"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2012/04/19/2"
          },
          {
            "trust": 1.7,
            "url": "http://patchwork.freedesktop.org/patch/10001/"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2012/04/18/8"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74930"
          },
          {
            "trust": 0.9,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2118"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2118"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/53150/info"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/74930"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/19404"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/oss-sec/2012/q2/110"
          },
          {
            "trust": 0.3,
            "url": "http://www.x.org/wiki/"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2118"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673148"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/1502-1/"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2118"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/glsa/glsa-201207-04.xml"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/xorg-server/2:1.11.4-0ubuntu10.5"
          },
          {
            "trust": 0.1,
            "url": "http://www.ubuntu.com/usn/usn-1502-1"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/en/support/security/"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/en/support/security/advisories/"
          },
          {
            "trust": 0.1,
            "url": "https://wiki.mageia.org/en/support/advisories/mgasa-2012-0299"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-7656"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-2118"
          },
          {
            "db": "BID",
            "id": "53150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002467"
          },
          {
            "db": "PACKETSTORM",
            "id": "114582"
          },
          {
            "db": "PACKETSTORM",
            "id": "114631"
          },
          {
            "db": "PACKETSTORM",
            "id": "121272"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-425"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-2118"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-7656",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-2118",
            "ident": null
          },
          {
            "db": "BID",
            "id": "53150",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002467",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "114582",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "114631",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "121272",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-425",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2012-2118",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2012-04-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-7656",
            "ident": null
          },
          {
            "date": "2012-05-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2012-2118",
            "ident": null
          },
          {
            "date": "2012-04-18T00:00:00",
            "db": "BID",
            "id": "53150",
            "ident": null
          },
          {
            "date": "2012-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-002467",
            "ident": null
          },
          {
            "date": "2012-07-10T13:48:11",
            "db": "PACKETSTORM",
            "id": "114582",
            "ident": null
          },
          {
            "date": "2012-07-12T01:27:45",
            "db": "PACKETSTORM",
            "id": "114631",
            "ident": null
          },
          {
            "date": "2013-04-11T15:51:14",
            "db": "PACKETSTORM",
            "id": "121272",
            "ident": null
          },
          {
            "date": "2012-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201204-425",
            "ident": null
          },
          {
            "date": "2012-05-18T22:55:03.093000",
            "db": "NVD",
            "id": "CVE-2012-2118",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2012-04-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-7656",
            "ident": null
          },
          {
            "date": "2017-08-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2012-2118",
            "ident": null
          },
          {
            "date": "2013-04-10T17:58:00",
            "db": "BID",
            "id": "53150",
            "ident": null
          },
          {
            "date": "2012-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-002467",
            "ident": null
          },
          {
            "date": "2012-05-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201204-425",
            "ident": null
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2012-2118",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-425"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "X.Org Input Device Format String Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-7656"
          },
          {
            "db": "BID",
            "id": "53150"
          }
        ],
        "trust": 0.9
      },
      "type": {
        "_id": null,
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-425"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2011-0465 (GCVE-0-2011-0465)

    Vulnerability from nvd – Published: 2011-04-08 15:00 – Updated: 2024-08-06 21:51
    VLAI
    Summary
    xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.freedesktop.org/archives/xorg-announ… mailing-listx_refsource_MLIST
    http://www.redhat.com/support/errata/RHSA-2011-04… vendor-advisoryx_refsource_REDHAT
    http://www.vupen.com/english/advisories/2011/0966 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/44040 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2011/dsa-2213 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/44082 third-party-advisoryx_refsource_SECUNIA
    https://bugzilla.redhat.com/show_bug.cgi?id=680196 x_refsource_CONFIRM
    http://www.securitytracker.com/id?1025317 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/47189 vdb-entryx_refsource_BID
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/44123 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2011/0880 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2011/0906 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/44012 third-party-advisoryx_refsource_SECUNIA
    http://cgit.freedesktop.org/xorg/app/xrdb/commit/… x_refsource_CONFIRM
    http://secunia.com/advisories/44010 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.ubuntu.com/usn/USN-1107-1 vendor-advisoryx_refsource_UBUNTU
    http://slackware.com/security/viewer.php?l=slackw… vendor-advisoryx_refsource_SLACKWARE
    http://www.vupen.com/english/advisories/2011/0889 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2011/0929 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/44122 third-party-advisoryx_refsource_SECUNIA
    http://lists.freedesktop.org/archives/xorg-announ… mailing-listx_refsource_MLIST
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.redhat.com/support/errata/RHSA-2011-04… vendor-advisoryx_refsource_REDHAT
    http://www.vupen.com/english/advisories/2011/0975 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/44193 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lwn.net/Articles/437150/ vendor-advisoryx_refsource_SUSE
    Date Public
    2011-04-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:51:08.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[xorg-announce] 20110405 X.Org security advisory: root hole via rogue hostname",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html"
              },
              {
                "name": "RHSA-2011:0433",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-0433.html"
              },
              {
                "name": "ADV-2011-0966",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0966"
              },
              {
                "name": "44040",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44040"
              },
              {
                "name": "DSA-2213",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2213"
              },
              {
                "name": "44082",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44082"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680196"
              },
              {
                "name": "1025317",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1025317"
              },
              {
                "name": "47189",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/47189"
              },
              {
                "name": "FEDORA-2011-4871",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html"
              },
              {
                "name": "44123",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44123"
              },
              {
                "name": "ADV-2011-0880",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0880"
              },
              {
                "name": "ADV-2011-0906",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0906"
              },
              {
                "name": "44012",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44012"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56"
              },
              {
                "name": "44010",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44010"
              },
              {
                "name": "xorg11-xrdb-command-execution(66585)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66585"
              },
              {
                "name": "USN-1107-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1107-1"
              },
              {
                "name": "SSA:2011-096-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.465748"
              },
              {
                "name": "ADV-2011-0889",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0889"
              },
              {
                "name": "ADV-2011-0929",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0929"
              },
              {
                "name": "44122",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44122"
              },
              {
                "name": "[xorg-announce] 20110405 xrdb 1.0.9",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html"
              },
              {
                "name": "MDVSA-2011:076",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:076"
              },
              {
                "name": "RHSA-2011:0432",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-0432.html"
              },
              {
                "name": "ADV-2011-0975",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0975"
              },
              {
                "name": "44193",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44193"
              },
              {
                "name": "SUSE-SA:2011:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html"
              },
              {
                "name": "openSUSE-SU-2011:0298",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://lwn.net/Articles/437150/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[xorg-announce] 20110405 X.Org security advisory: root hole via rogue hostname",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html"
            },
            {
              "name": "RHSA-2011:0433",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0433.html"
            },
            {
              "name": "ADV-2011-0966",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0966"
            },
            {
              "name": "44040",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44040"
            },
            {
              "name": "DSA-2213",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2213"
            },
            {
              "name": "44082",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44082"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680196"
            },
            {
              "name": "1025317",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1025317"
            },
            {
              "name": "47189",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/47189"
            },
            {
              "name": "FEDORA-2011-4871",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html"
            },
            {
              "name": "44123",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44123"
            },
            {
              "name": "ADV-2011-0880",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0880"
            },
            {
              "name": "ADV-2011-0906",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0906"
            },
            {
              "name": "44012",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44012"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56"
            },
            {
              "name": "44010",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44010"
            },
            {
              "name": "xorg11-xrdb-command-execution(66585)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66585"
            },
            {
              "name": "USN-1107-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1107-1"
            },
            {
              "name": "SSA:2011-096-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.465748"
            },
            {
              "name": "ADV-2011-0889",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0889"
            },
            {
              "name": "ADV-2011-0929",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0929"
            },
            {
              "name": "44122",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44122"
            },
            {
              "name": "[xorg-announce] 20110405 xrdb 1.0.9",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html"
            },
            {
              "name": "MDVSA-2011:076",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:076"
            },
            {
              "name": "RHSA-2011:0432",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0432.html"
            },
            {
              "name": "ADV-2011-0975",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0975"
            },
            {
              "name": "44193",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44193"
            },
            {
              "name": "SUSE-SA:2011:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html"
            },
            {
              "name": "openSUSE-SU-2011:0298",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://lwn.net/Articles/437150/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0465",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[xorg-announce] 20110405 X.Org security advisory: root hole via rogue hostname",
                  "refsource": "MLIST",
                  "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html"
                },
                {
                  "name": "RHSA-2011:0433",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-0433.html"
                },
                {
                  "name": "ADV-2011-0966",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0966"
                },
                {
                  "name": "44040",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44040"
                },
                {
                  "name": "DSA-2213",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2213"
                },
                {
                  "name": "44082",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44082"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=680196",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680196"
                },
                {
                  "name": "1025317",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1025317"
                },
                {
                  "name": "47189",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/47189"
                },
                {
                  "name": "FEDORA-2011-4871",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html"
                },
                {
                  "name": "44123",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44123"
                },
                {
                  "name": "ADV-2011-0880",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0880"
                },
                {
                  "name": "ADV-2011-0906",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0906"
                },
                {
                  "name": "44012",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44012"
                },
                {
                  "name": "http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56",
                  "refsource": "CONFIRM",
                  "url": "http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56"
                },
                {
                  "name": "44010",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44010"
                },
                {
                  "name": "xorg11-xrdb-command-execution(66585)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66585"
                },
                {
                  "name": "USN-1107-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1107-1"
                },
                {
                  "name": "SSA:2011-096-01",
                  "refsource": "SLACKWARE",
                  "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.465748"
                },
                {
                  "name": "ADV-2011-0889",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0889"
                },
                {
                  "name": "ADV-2011-0929",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0929"
                },
                {
                  "name": "44122",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44122"
                },
                {
                  "name": "[xorg-announce] 20110405 xrdb 1.0.9",
                  "refsource": "MLIST",
                  "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html"
                },
                {
                  "name": "MDVSA-2011:076",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:076"
                },
                {
                  "name": "RHSA-2011:0432",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-0432.html"
                },
                {
                  "name": "ADV-2011-0975",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0975"
                },
                {
                  "name": "44193",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44193"
                },
                {
                  "name": "SUSE-SA:2011:016",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html"
                },
                {
                  "name": "openSUSE-SU-2011:0298",
                  "refsource": "SUSE",
                  "url": "https://lwn.net/Articles/437150/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0465",
        "datePublished": "2011-04-08T15:00:00.000Z",
        "dateReserved": "2011-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:51:08.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2362 (GCVE-0-2008-2362)

    Vulnerability from nvd – Published: 2008-06-16 19:00 – Updated: 2024-08-07 08:58
    VLAI
    Summary
    Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://issues.rpath.com/browse/RPL-2607 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/29670 vdb-entryx_refsource_BID
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://secunia.com/advisories/33937 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30664 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/493550/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/31025 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://support.apple.com/kb/HT3438 x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.vupen.com/english/advisories/2008/1833 vdb-entryx_refsource_VUPEN
    http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200806-07.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/30715 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30666 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30627 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30637 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patche… x_refsource_CONFIRM
    http://securitytracker.com/id?1020245 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2008/1803 vdb-entryx_refsource_VUPEN
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/30772 third-party-advisoryx_refsource_SECUNIA
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://secunia.com/advisories/30659 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31109 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/1983… vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/30671 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30809 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.freedesktop.org/archives/xorg/2008-J… mailing-listx_refsource_MLIST
    http://rhn.redhat.com/errata/RHSA-2008-0504.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/30843 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2008/dsa-1595 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/usn-616-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/32099 third-party-advisoryx_refsource_SECUNIA
    https://issues.rpath.com/browse/RPL-2619 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/493548/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/30630 third-party-advisoryx_refsource_SECUNIA
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    Date Public
    2008-06-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:58:02.043Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-2607"
              },
              {
                "name": "29670",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/29670"
              },
              {
                "name": "238686",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
              },
              {
                "name": "33937",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33937"
              },
              {
                "name": "30664",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30664"
              },
              {
                "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
              },
              {
                "name": "31025",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31025"
              },
              {
                "name": "oval:org.mitre.oval:def:11246",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11246"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT3438"
              },
              {
                "name": "APPLE-SA-2009-02-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
              },
              {
                "name": "ADV-2008-1833",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1833"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
              },
              {
                "name": "GLSA-200806-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
              },
              {
                "name": "30715",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30715"
              },
              {
                "name": "30666",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30666"
              },
              {
                "name": "30627",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30627"
              },
              {
                "name": "30637",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30637"
              },
              {
                "name": "MDVSA-2008:116",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff"
              },
              {
                "name": "1020245",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020245"
              },
              {
                "name": "ADV-2008-1803",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1803"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
              },
              {
                "name": "SUSE-SA:2008:027",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
              },
              {
                "name": "30772",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30772"
              },
              {
                "name": "20080611 Multiple Vendor X Server Render Extension Gradient Creation Integer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=720"
              },
              {
                "name": "30659",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30659"
              },
              {
                "name": "31109",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31109"
              },
              {
                "name": "ADV-2008-1983",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1983/references"
              },
              {
                "name": "30671",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30671"
              },
              {
                "name": "30809",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30809"
              },
              {
                "name": "MDVSA-2008:179",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
              },
              {
                "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
              },
              {
                "name": "RHSA-2008:0504",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
              },
              {
                "name": "30843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30843"
              },
              {
                "name": "DSA-1595",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1595"
              },
              {
                "name": "USN-616-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-616-1"
              },
              {
                "name": "32099",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32099"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-2619"
              },
              {
                "name": "SUSE-SR:2008:019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
              },
              {
                "name": "20080620 rPSA-2008-0200-1 xorg-server",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
              },
              {
                "name": "30630",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30630"
              },
              {
                "name": "GLSA-200807-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-2607"
            },
            {
              "name": "29670",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/29670"
            },
            {
              "name": "238686",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
            },
            {
              "name": "33937",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33937"
            },
            {
              "name": "30664",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30664"
            },
            {
              "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
            },
            {
              "name": "31025",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31025"
            },
            {
              "name": "oval:org.mitre.oval:def:11246",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11246"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT3438"
            },
            {
              "name": "APPLE-SA-2009-02-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
            },
            {
              "name": "ADV-2008-1833",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1833"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
            },
            {
              "name": "GLSA-200806-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
            },
            {
              "name": "30715",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30715"
            },
            {
              "name": "30666",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30666"
            },
            {
              "name": "30627",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30627"
            },
            {
              "name": "30637",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30637"
            },
            {
              "name": "MDVSA-2008:116",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff"
            },
            {
              "name": "1020245",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020245"
            },
            {
              "name": "ADV-2008-1803",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1803"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
            },
            {
              "name": "SUSE-SA:2008:027",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
            },
            {
              "name": "30772",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30772"
            },
            {
              "name": "20080611 Multiple Vendor X Server Render Extension Gradient Creation Integer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=720"
            },
            {
              "name": "30659",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30659"
            },
            {
              "name": "31109",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31109"
            },
            {
              "name": "ADV-2008-1983",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1983/references"
            },
            {
              "name": "30671",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30671"
            },
            {
              "name": "30809",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30809"
            },
            {
              "name": "MDVSA-2008:179",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
            },
            {
              "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
            },
            {
              "name": "RHSA-2008:0504",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
            },
            {
              "name": "30843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30843"
            },
            {
              "name": "DSA-1595",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1595"
            },
            {
              "name": "USN-616-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-616-1"
            },
            {
              "name": "32099",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32099"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-2619"
            },
            {
              "name": "SUSE-SR:2008:019",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
            },
            {
              "name": "20080620 rPSA-2008-0200-1 xorg-server",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
            },
            {
              "name": "30630",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30630"
            },
            {
              "name": "GLSA-200807-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2008-2362",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://issues.rpath.com/browse/RPL-2607",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-2607"
                },
                {
                  "name": "29670",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/29670"
                },
                {
                  "name": "238686",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
                },
                {
                  "name": "33937",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33937"
                },
                {
                  "name": "30664",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30664"
                },
                {
                  "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
                },
                {
                  "name": "31025",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31025"
                },
                {
                  "name": "oval:org.mitre.oval:def:11246",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11246"
                },
                {
                  "name": "http://support.apple.com/kb/HT3438",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT3438"
                },
                {
                  "name": "APPLE-SA-2009-02-12",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
                },
                {
                  "name": "ADV-2008-1833",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1833"
                },
                {
                  "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
                },
                {
                  "name": "GLSA-200806-07",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
                },
                {
                  "name": "30715",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30715"
                },
                {
                  "name": "30666",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30666"
                },
                {
                  "name": "30627",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30627"
                },
                {
                  "name": "30637",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30637"
                },
                {
                  "name": "MDVSA-2008:116",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
                },
                {
                  "name": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff",
                  "refsource": "CONFIRM",
                  "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff"
                },
                {
                  "name": "1020245",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020245"
                },
                {
                  "name": "ADV-2008-1803",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1803"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
                },
                {
                  "name": "SUSE-SA:2008:027",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
                },
                {
                  "name": "30772",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30772"
                },
                {
                  "name": "20080611 Multiple Vendor X Server Render Extension Gradient Creation Integer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=720"
                },
                {
                  "name": "30659",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30659"
                },
                {
                  "name": "31109",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31109"
                },
                {
                  "name": "ADV-2008-1983",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1983/references"
                },
                {
                  "name": "30671",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30671"
                },
                {
                  "name": "30809",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30809"
                },
                {
                  "name": "MDVSA-2008:179",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
                },
                {
                  "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
                  "refsource": "MLIST",
                  "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
                },
                {
                  "name": "RHSA-2008:0504",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
                },
                {
                  "name": "30843",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30843"
                },
                {
                  "name": "DSA-1595",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1595"
                },
                {
                  "name": "USN-616-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-616-1"
                },
                {
                  "name": "32099",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32099"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-2619",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-2619"
                },
                {
                  "name": "SUSE-SR:2008:019",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
                },
                {
                  "name": "20080620 rPSA-2008-0200-1 xorg-server",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
                },
                {
                  "name": "30630",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30630"
                },
                {
                  "name": "GLSA-200807-07",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2008-2362",
        "datePublished": "2008-06-16T19:00:00.000Z",
        "dateReserved": "2008-05-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:58:02.043Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1379 (GCVE-0-2008-1379)

    Vulnerability from nvd – Published: 2008-06-16 19:00 – Updated: 2024-08-07 08:17
    VLAI
    Summary
    Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1020246 vdb-entryx_refsource_SECTRACK
    https://issues.rpath.com/browse/RPL-2607 x_refsource_CONFIRM
    http://secunia.com/advisories/30629 third-party-advisoryx_refsource_SECUNIA
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://secunia.com/advisories/33937 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30664 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.securityfocus.com/archive/1/493550/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/31025 third-party-advisoryx_refsource_SECUNIA
    ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patche… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2008-0502.html vendor-advisoryx_refsource_REDHAT
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://support.apple.com/kb/HT3438 x_refsource_CONFIRM
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.vupen.com/english/advisories/2008/1833 vdb-entryx_refsource_VUPEN
    http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200806-07.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/30715 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30666 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/30627 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30637 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.vupen.com/english/advisories/2008/1803 vdb-entryx_refsource_VUPEN
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/30772 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2008-05… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/30628 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30659 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31109 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/1983… vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/30671 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30809 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.vupen.com/english/advisories/2008/3000 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/29669 vdb-entryx_refsource_BID
    http://lists.freedesktop.org/archives/xorg/2008-J… mailing-listx_refsource_MLIST
    http://rhn.redhat.com/errata/RHSA-2008-0504.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/32545 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30843 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2008/dsa-1595 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/usn-616-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/32099 third-party-advisoryx_refsource_SECUNIA
    https://issues.rpath.com/browse/RPL-2619 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2008-0512.html vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/archive/1/493548/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/30630 third-party-advisoryx_refsource_SECUNIA
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    Date Public
    2008-06-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:17:34.606Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1020246",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020246"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-2607"
              },
              {
                "name": "30629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30629"
              },
              {
                "name": "238686",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
              },
              {
                "name": "33937",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33937"
              },
              {
                "name": "30664",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30664"
              },
              {
                "name": "MDVSA-2008:115",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
              },
              {
                "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
              },
              {
                "name": "31025",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31025"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1379.diff"
              },
              {
                "name": "RHSA-2008:0502",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
              },
              {
                "name": "SSRT080083",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT3438"
              },
              {
                "name": "20080611 Multiple Vendor X Server MIT-SHM Extension Information Disclosure Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=722"
              },
              {
                "name": "APPLE-SA-2009-02-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
              },
              {
                "name": "ADV-2008-1833",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1833"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
              },
              {
                "name": "GLSA-200806-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
              },
              {
                "name": "30715",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30715"
              },
              {
                "name": "30666",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30666"
              },
              {
                "name": "xorg-fbshmputimage-information-disclosure(43016)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43016"
              },
              {
                "name": "30627",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30627"
              },
              {
                "name": "30637",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30637"
              },
              {
                "name": "MDVSA-2008:116",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
              },
              {
                "name": "oval:org.mitre.oval:def:8966",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8966"
              },
              {
                "name": "ADV-2008-1803",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1803"
              },
              {
                "name": "HPSBUX02381",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
              },
              {
                "name": "SUSE-SA:2008:027",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
              },
              {
                "name": "30772",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30772"
              },
              {
                "name": "RHSA-2008:0503",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
              },
              {
                "name": "30628",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30628"
              },
              {
                "name": "30659",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30659"
              },
              {
                "name": "31109",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31109"
              },
              {
                "name": "ADV-2008-1983",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1983/references"
              },
              {
                "name": "30671",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30671"
              },
              {
                "name": "30809",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30809"
              },
              {
                "name": "MDVSA-2008:179",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
              },
              {
                "name": "ADV-2008-3000",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3000"
              },
              {
                "name": "29669",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/29669"
              },
              {
                "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
              },
              {
                "name": "RHSA-2008:0504",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
              },
              {
                "name": "32545",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32545"
              },
              {
                "name": "30843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30843"
              },
              {
                "name": "DSA-1595",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1595"
              },
              {
                "name": "USN-616-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-616-1"
              },
              {
                "name": "32099",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32099"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-2619"
              },
              {
                "name": "SUSE-SR:2008:019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
              },
              {
                "name": "RHSA-2008:0512",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
              },
              {
                "name": "20080620 rPSA-2008-0200-1 xorg-server",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
              },
              {
                "name": "30630",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30630"
              },
              {
                "name": "GLSA-200807-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "1020246",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020246"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-2607"
            },
            {
              "name": "30629",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30629"
            },
            {
              "name": "238686",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
            },
            {
              "name": "33937",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33937"
            },
            {
              "name": "30664",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30664"
            },
            {
              "name": "MDVSA-2008:115",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
            },
            {
              "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
            },
            {
              "name": "31025",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31025"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1379.diff"
            },
            {
              "name": "RHSA-2008:0502",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
            },
            {
              "name": "SSRT080083",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT3438"
            },
            {
              "name": "20080611 Multiple Vendor X Server MIT-SHM Extension Information Disclosure Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=722"
            },
            {
              "name": "APPLE-SA-2009-02-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
            },
            {
              "name": "ADV-2008-1833",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1833"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
            },
            {
              "name": "GLSA-200806-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
            },
            {
              "name": "30715",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30715"
            },
            {
              "name": "30666",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30666"
            },
            {
              "name": "xorg-fbshmputimage-information-disclosure(43016)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43016"
            },
            {
              "name": "30627",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30627"
            },
            {
              "name": "30637",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30637"
            },
            {
              "name": "MDVSA-2008:116",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
            },
            {
              "name": "oval:org.mitre.oval:def:8966",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8966"
            },
            {
              "name": "ADV-2008-1803",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1803"
            },
            {
              "name": "HPSBUX02381",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
            },
            {
              "name": "SUSE-SA:2008:027",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
            },
            {
              "name": "30772",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30772"
            },
            {
              "name": "RHSA-2008:0503",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
            },
            {
              "name": "30628",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30628"
            },
            {
              "name": "30659",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30659"
            },
            {
              "name": "31109",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31109"
            },
            {
              "name": "ADV-2008-1983",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1983/references"
            },
            {
              "name": "30671",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30671"
            },
            {
              "name": "30809",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30809"
            },
            {
              "name": "MDVSA-2008:179",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
            },
            {
              "name": "ADV-2008-3000",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3000"
            },
            {
              "name": "29669",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/29669"
            },
            {
              "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
            },
            {
              "name": "RHSA-2008:0504",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
            },
            {
              "name": "32545",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32545"
            },
            {
              "name": "30843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30843"
            },
            {
              "name": "DSA-1595",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1595"
            },
            {
              "name": "USN-616-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-616-1"
            },
            {
              "name": "32099",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32099"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-2619"
            },
            {
              "name": "SUSE-SR:2008:019",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
            },
            {
              "name": "RHSA-2008:0512",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
            },
            {
              "name": "20080620 rPSA-2008-0200-1 xorg-server",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
            },
            {
              "name": "30630",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30630"
            },
            {
              "name": "GLSA-200807-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2008-1379",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1020246",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020246"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-2607",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-2607"
                },
                {
                  "name": "30629",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30629"
                },
                {
                  "name": "238686",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
                },
                {
                  "name": "33937",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33937"
                },
                {
                  "name": "30664",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30664"
                },
                {
                  "name": "MDVSA-2008:115",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
                },
                {
                  "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
                },
                {
                  "name": "31025",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31025"
                },
                {
                  "name": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1379.diff",
                  "refsource": "CONFIRM",
                  "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1379.diff"
                },
                {
                  "name": "RHSA-2008:0502",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
                },
                {
                  "name": "SSRT080083",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
                },
                {
                  "name": "http://support.apple.com/kb/HT3438",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT3438"
                },
                {
                  "name": "20080611 Multiple Vendor X Server MIT-SHM Extension Information Disclosure Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=722"
                },
                {
                  "name": "APPLE-SA-2009-02-12",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
                },
                {
                  "name": "ADV-2008-1833",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1833"
                },
                {
                  "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
                },
                {
                  "name": "GLSA-200806-07",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
                },
                {
                  "name": "30715",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30715"
                },
                {
                  "name": "30666",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30666"
                },
                {
                  "name": "xorg-fbshmputimage-information-disclosure(43016)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43016"
                },
                {
                  "name": "30627",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30627"
                },
                {
                  "name": "30637",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30637"
                },
                {
                  "name": "MDVSA-2008:116",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
                },
                {
                  "name": "oval:org.mitre.oval:def:8966",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8966"
                },
                {
                  "name": "ADV-2008-1803",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1803"
                },
                {
                  "name": "HPSBUX02381",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
                },
                {
                  "name": "SUSE-SA:2008:027",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
                },
                {
                  "name": "30772",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30772"
                },
                {
                  "name": "RHSA-2008:0503",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
                },
                {
                  "name": "30628",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30628"
                },
                {
                  "name": "30659",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30659"
                },
                {
                  "name": "31109",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31109"
                },
                {
                  "name": "ADV-2008-1983",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1983/references"
                },
                {
                  "name": "30671",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30671"
                },
                {
                  "name": "30809",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30809"
                },
                {
                  "name": "MDVSA-2008:179",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
                },
                {
                  "name": "ADV-2008-3000",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3000"
                },
                {
                  "name": "29669",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/29669"
                },
                {
                  "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
                  "refsource": "MLIST",
                  "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
                },
                {
                  "name": "RHSA-2008:0504",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
                },
                {
                  "name": "32545",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32545"
                },
                {
                  "name": "30843",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30843"
                },
                {
                  "name": "DSA-1595",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1595"
                },
                {
                  "name": "USN-616-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-616-1"
                },
                {
                  "name": "32099",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32099"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-2619",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-2619"
                },
                {
                  "name": "SUSE-SR:2008:019",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
                },
                {
                  "name": "RHSA-2008:0512",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
                },
                {
                  "name": "20080620 rPSA-2008-0200-1 xorg-server",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
                },
                {
                  "name": "30630",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30630"
                },
                {
                  "name": "GLSA-200807-07",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2008-1379",
        "datePublished": "2008-06-16T19:00:00.000Z",
        "dateReserved": "2008-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:17:34.606Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1377 (GCVE-0-2008-1377)

    Vulnerability from nvd – Published: 2008-06-16 19:00 – Updated: 2024-08-07 08:17
    VLAI
    Summary
    The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://issues.rpath.com/browse/RPL-2607 x_refsource_CONFIRM
    http://secunia.com/advisories/30629 third-party-advisoryx_refsource_SECUNIA
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://secunia.com/advisories/33937 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30664 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.securityfocus.com/archive/1/493550/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/31025 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2008-0502.html vendor-advisoryx_refsource_REDHAT
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://support.apple.com/kb/HT3438 x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.vupen.com/english/advisories/2008/1833 vdb-entryx_refsource_VUPEN
    http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200806-07.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/30715 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30666 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30627 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30637 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.vupen.com/english/advisories/2008/1803 vdb-entryx_refsource_VUPEN
    ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patche… x_refsource_CONFIRM
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/30772 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1020247 vdb-entryx_refsource_SECTRACK
    http://www.redhat.com/support/errata/RHSA-2008-05… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/30628 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30659 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31109 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/1983… vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/30671 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30809 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/3000 vdb-entryx_refsource_VUPEN
    http://lists.freedesktop.org/archives/xorg/2008-J… mailing-listx_refsource_MLIST
    http://rhn.redhat.com/errata/RHSA-2008-0504.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/32545 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30843 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2008/dsa-1595 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/usn-616-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/32099 third-party-advisoryx_refsource_SECUNIA
    https://issues.rpath.com/browse/RPL-2619 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2008-0512.html vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/archive/1/493548/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/30630 third-party-advisoryx_refsource_SECUNIA
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    Date Public
    2008-06-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:17:34.564Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-2607"
              },
              {
                "name": "30629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30629"
              },
              {
                "name": "20080611 Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721"
              },
              {
                "name": "oval:org.mitre.oval:def:10109",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109"
              },
              {
                "name": "238686",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
              },
              {
                "name": "33937",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33937"
              },
              {
                "name": "30664",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30664"
              },
              {
                "name": "MDVSA-2008:115",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
              },
              {
                "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
              },
              {
                "name": "31025",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31025"
              },
              {
                "name": "RHSA-2008:0502",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
              },
              {
                "name": "SSRT080083",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT3438"
              },
              {
                "name": "APPLE-SA-2009-02-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
              },
              {
                "name": "ADV-2008-1833",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1833"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
              },
              {
                "name": "GLSA-200806-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
              },
              {
                "name": "30715",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30715"
              },
              {
                "name": "30666",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30666"
              },
              {
                "name": "30627",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30627"
              },
              {
                "name": "30637",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30637"
              },
              {
                "name": "MDVSA-2008:116",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
              },
              {
                "name": "ADV-2008-1803",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1803"
              },
              {
                "name": "HPSBUX02381",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
              },
              {
                "name": "SUSE-SA:2008:027",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
              },
              {
                "name": "30772",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30772"
              },
              {
                "name": "1020247",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020247"
              },
              {
                "name": "RHSA-2008:0503",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
              },
              {
                "name": "30628",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30628"
              },
              {
                "name": "30659",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30659"
              },
              {
                "name": "31109",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31109"
              },
              {
                "name": "ADV-2008-1983",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1983/references"
              },
              {
                "name": "30671",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30671"
              },
              {
                "name": "30809",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30809"
              },
              {
                "name": "ADV-2008-3000",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3000"
              },
              {
                "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
              },
              {
                "name": "RHSA-2008:0504",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
              },
              {
                "name": "32545",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32545"
              },
              {
                "name": "30843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30843"
              },
              {
                "name": "DSA-1595",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1595"
              },
              {
                "name": "USN-616-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-616-1"
              },
              {
                "name": "32099",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32099"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-2619"
              },
              {
                "name": "SUSE-SR:2008:019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
              },
              {
                "name": "RHSA-2008:0512",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
              },
              {
                "name": "20080620 rPSA-2008-0200-1 xorg-server",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
              },
              {
                "name": "30630",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30630"
              },
              {
                "name": "GLSA-200807-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-2607"
            },
            {
              "name": "30629",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30629"
            },
            {
              "name": "20080611 Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721"
            },
            {
              "name": "oval:org.mitre.oval:def:10109",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109"
            },
            {
              "name": "238686",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
            },
            {
              "name": "33937",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33937"
            },
            {
              "name": "30664",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30664"
            },
            {
              "name": "MDVSA-2008:115",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
            },
            {
              "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
            },
            {
              "name": "31025",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31025"
            },
            {
              "name": "RHSA-2008:0502",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
            },
            {
              "name": "SSRT080083",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT3438"
            },
            {
              "name": "APPLE-SA-2009-02-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
            },
            {
              "name": "ADV-2008-1833",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1833"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
            },
            {
              "name": "GLSA-200806-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
            },
            {
              "name": "30715",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30715"
            },
            {
              "name": "30666",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30666"
            },
            {
              "name": "30627",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30627"
            },
            {
              "name": "30637",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30637"
            },
            {
              "name": "MDVSA-2008:116",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
            },
            {
              "name": "ADV-2008-1803",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1803"
            },
            {
              "name": "HPSBUX02381",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
            },
            {
              "name": "SUSE-SA:2008:027",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
            },
            {
              "name": "30772",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30772"
            },
            {
              "name": "1020247",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020247"
            },
            {
              "name": "RHSA-2008:0503",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
            },
            {
              "name": "30628",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30628"
            },
            {
              "name": "30659",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30659"
            },
            {
              "name": "31109",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31109"
            },
            {
              "name": "ADV-2008-1983",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1983/references"
            },
            {
              "name": "30671",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30671"
            },
            {
              "name": "30809",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30809"
            },
            {
              "name": "ADV-2008-3000",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3000"
            },
            {
              "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
            },
            {
              "name": "RHSA-2008:0504",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
            },
            {
              "name": "32545",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32545"
            },
            {
              "name": "30843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30843"
            },
            {
              "name": "DSA-1595",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1595"
            },
            {
              "name": "USN-616-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-616-1"
            },
            {
              "name": "32099",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32099"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-2619"
            },
            {
              "name": "SUSE-SR:2008:019",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
            },
            {
              "name": "RHSA-2008:0512",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
            },
            {
              "name": "20080620 rPSA-2008-0200-1 xorg-server",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
            },
            {
              "name": "30630",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30630"
            },
            {
              "name": "GLSA-200807-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2008-1377",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://issues.rpath.com/browse/RPL-2607",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-2607"
                },
                {
                  "name": "30629",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30629"
                },
                {
                  "name": "20080611 Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721"
                },
                {
                  "name": "oval:org.mitre.oval:def:10109",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109"
                },
                {
                  "name": "238686",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
                },
                {
                  "name": "33937",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33937"
                },
                {
                  "name": "30664",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30664"
                },
                {
                  "name": "MDVSA-2008:115",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
                },
                {
                  "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
                },
                {
                  "name": "31025",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31025"
                },
                {
                  "name": "RHSA-2008:0502",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
                },
                {
                  "name": "SSRT080083",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
                },
                {
                  "name": "http://support.apple.com/kb/HT3438",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT3438"
                },
                {
                  "name": "APPLE-SA-2009-02-12",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
                },
                {
                  "name": "ADV-2008-1833",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1833"
                },
                {
                  "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
                },
                {
                  "name": "GLSA-200806-07",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
                },
                {
                  "name": "30715",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30715"
                },
                {
                  "name": "30666",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30666"
                },
                {
                  "name": "30627",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30627"
                },
                {
                  "name": "30637",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30637"
                },
                {
                  "name": "MDVSA-2008:116",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
                },
                {
                  "name": "ADV-2008-1803",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1803"
                },
                {
                  "name": "HPSBUX02381",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
                },
                {
                  "name": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff",
                  "refsource": "CONFIRM",
                  "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
                },
                {
                  "name": "SUSE-SA:2008:027",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
                },
                {
                  "name": "30772",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30772"
                },
                {
                  "name": "1020247",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020247"
                },
                {
                  "name": "RHSA-2008:0503",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
                },
                {
                  "name": "30628",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30628"
                },
                {
                  "name": "30659",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30659"
                },
                {
                  "name": "31109",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31109"
                },
                {
                  "name": "ADV-2008-1983",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1983/references"
                },
                {
                  "name": "30671",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30671"
                },
                {
                  "name": "30809",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30809"
                },
                {
                  "name": "ADV-2008-3000",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3000"
                },
                {
                  "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
                  "refsource": "MLIST",
                  "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
                },
                {
                  "name": "RHSA-2008:0504",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
                },
                {
                  "name": "32545",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32545"
                },
                {
                  "name": "30843",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30843"
                },
                {
                  "name": "DSA-1595",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1595"
                },
                {
                  "name": "USN-616-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-616-1"
                },
                {
                  "name": "32099",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32099"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-2619",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-2619"
                },
                {
                  "name": "SUSE-SR:2008:019",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
                },
                {
                  "name": "RHSA-2008:0512",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
                },
                {
                  "name": "20080620 rPSA-2008-0200-1 xorg-server",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
                },
                {
                  "name": "30630",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30630"
                },
                {
                  "name": "GLSA-200807-07",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2008-1377",
        "datePublished": "2008-06-16T19:00:00.000Z",
        "dateReserved": "2008-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:17:34.564Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2360 (GCVE-0-2008-2360)

    Vulnerability from nvd – Published: 2008-06-16 19:00 – Updated: 2024-08-07 08:58
    VLAI
    Summary
    Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://issues.rpath.com/browse/RPL-2607 x_refsource_CONFIRM
    http://secunia.com/advisories/30629 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://secunia.com/advisories/33937 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30664 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.securityfocus.com/archive/1/493550/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/31025 third-party-advisoryx_refsource_SECUNIA
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://rhn.redhat.com/errata/RHSA-2008-0502.html vendor-advisoryx_refsource_REDHAT
    http://support.apple.com/kb/HT3438 x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.vupen.com/english/advisories/2008/1833 vdb-entryx_refsource_VUPEN
    http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200806-07.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/30715 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30666 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30627 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30637 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.vupen.com/english/advisories/2008/1803 vdb-entryx_refsource_VUPEN
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://securitytracker.com/id?1020243 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/30772 third-party-advisoryx_refsource_SECUNIA
    ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patche… x_refsource_CONFIRM
    http://www.redhat.com/support/errata/RHSA-2008-05… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/30628 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30659 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31109 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/1983… vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/30671 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30809 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.freedesktop.org/archives/xorg/2008-J… mailing-listx_refsource_MLIST
    http://rhn.redhat.com/errata/RHSA-2008-0504.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/30843 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2008/dsa-1595 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/usn-616-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/32099 third-party-advisoryx_refsource_SECUNIA
    https://issues.rpath.com/browse/RPL-2619 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2008-0512.html vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/archive/1/493548/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/30630 third-party-advisoryx_refsource_SECUNIA
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    Date Public
    2008-06-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:58:02.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-2607"
              },
              {
                "name": "30629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30629"
              },
              {
                "name": "oval:org.mitre.oval:def:9329",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9329"
              },
              {
                "name": "238686",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
              },
              {
                "name": "33937",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33937"
              },
              {
                "name": "30664",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30664"
              },
              {
                "name": "MDVSA-2008:115",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
              },
              {
                "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
              },
              {
                "name": "31025",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31025"
              },
              {
                "name": "20080611 Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718"
              },
              {
                "name": "RHSA-2008:0502",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT3438"
              },
              {
                "name": "APPLE-SA-2009-02-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
              },
              {
                "name": "ADV-2008-1833",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1833"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
              },
              {
                "name": "GLSA-200806-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
              },
              {
                "name": "30715",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30715"
              },
              {
                "name": "30666",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30666"
              },
              {
                "name": "30627",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30627"
              },
              {
                "name": "30637",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30637"
              },
              {
                "name": "MDVSA-2008:116",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
              },
              {
                "name": "ADV-2008-1803",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1803"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
              },
              {
                "name": "SUSE-SA:2008:027",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
              },
              {
                "name": "1020243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020243"
              },
              {
                "name": "30772",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30772"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff"
              },
              {
                "name": "RHSA-2008:0503",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
              },
              {
                "name": "30628",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30628"
              },
              {
                "name": "30659",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30659"
              },
              {
                "name": "31109",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31109"
              },
              {
                "name": "ADV-2008-1983",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1983/references"
              },
              {
                "name": "30671",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30671"
              },
              {
                "name": "30809",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30809"
              },
              {
                "name": "MDVSA-2008:179",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
              },
              {
                "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
              },
              {
                "name": "RHSA-2008:0504",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
              },
              {
                "name": "30843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30843"
              },
              {
                "name": "DSA-1595",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1595"
              },
              {
                "name": "USN-616-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-616-1"
              },
              {
                "name": "32099",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32099"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-2619"
              },
              {
                "name": "SUSE-SR:2008:019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
              },
              {
                "name": "RHSA-2008:0512",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
              },
              {
                "name": "20080620 rPSA-2008-0200-1 xorg-server",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
              },
              {
                "name": "30630",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30630"
              },
              {
                "name": "GLSA-200807-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-2607"
            },
            {
              "name": "30629",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30629"
            },
            {
              "name": "oval:org.mitre.oval:def:9329",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9329"
            },
            {
              "name": "238686",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
            },
            {
              "name": "33937",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33937"
            },
            {
              "name": "30664",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30664"
            },
            {
              "name": "MDVSA-2008:115",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
            },
            {
              "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
            },
            {
              "name": "31025",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31025"
            },
            {
              "name": "20080611 Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718"
            },
            {
              "name": "RHSA-2008:0502",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT3438"
            },
            {
              "name": "APPLE-SA-2009-02-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
            },
            {
              "name": "ADV-2008-1833",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1833"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
            },
            {
              "name": "GLSA-200806-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
            },
            {
              "name": "30715",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30715"
            },
            {
              "name": "30666",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30666"
            },
            {
              "name": "30627",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30627"
            },
            {
              "name": "30637",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30637"
            },
            {
              "name": "MDVSA-2008:116",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
            },
            {
              "name": "ADV-2008-1803",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1803"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
            },
            {
              "name": "SUSE-SA:2008:027",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
            },
            {
              "name": "1020243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020243"
            },
            {
              "name": "30772",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30772"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff"
            },
            {
              "name": "RHSA-2008:0503",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
            },
            {
              "name": "30628",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30628"
            },
            {
              "name": "30659",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30659"
            },
            {
              "name": "31109",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31109"
            },
            {
              "name": "ADV-2008-1983",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1983/references"
            },
            {
              "name": "30671",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30671"
            },
            {
              "name": "30809",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30809"
            },
            {
              "name": "MDVSA-2008:179",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
            },
            {
              "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
            },
            {
              "name": "RHSA-2008:0504",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
            },
            {
              "name": "30843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30843"
            },
            {
              "name": "DSA-1595",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1595"
            },
            {
              "name": "USN-616-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-616-1"
            },
            {
              "name": "32099",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32099"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-2619"
            },
            {
              "name": "SUSE-SR:2008:019",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
            },
            {
              "name": "RHSA-2008:0512",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
            },
            {
              "name": "20080620 rPSA-2008-0200-1 xorg-server",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
            },
            {
              "name": "30630",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30630"
            },
            {
              "name": "GLSA-200807-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2008-2360",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://issues.rpath.com/browse/RPL-2607",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-2607"
                },
                {
                  "name": "30629",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30629"
                },
                {
                  "name": "oval:org.mitre.oval:def:9329",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9329"
                },
                {
                  "name": "238686",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
                },
                {
                  "name": "33937",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33937"
                },
                {
                  "name": "30664",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30664"
                },
                {
                  "name": "MDVSA-2008:115",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
                },
                {
                  "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
                },
                {
                  "name": "31025",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31025"
                },
                {
                  "name": "20080611 Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718"
                },
                {
                  "name": "RHSA-2008:0502",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
                },
                {
                  "name": "http://support.apple.com/kb/HT3438",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT3438"
                },
                {
                  "name": "APPLE-SA-2009-02-12",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
                },
                {
                  "name": "ADV-2008-1833",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1833"
                },
                {
                  "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
                },
                {
                  "name": "GLSA-200806-07",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
                },
                {
                  "name": "30715",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30715"
                },
                {
                  "name": "30666",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30666"
                },
                {
                  "name": "30627",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30627"
                },
                {
                  "name": "30637",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30637"
                },
                {
                  "name": "MDVSA-2008:116",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
                },
                {
                  "name": "ADV-2008-1803",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1803"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
                },
                {
                  "name": "SUSE-SA:2008:027",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
                },
                {
                  "name": "1020243",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020243"
                },
                {
                  "name": "30772",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30772"
                },
                {
                  "name": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff",
                  "refsource": "CONFIRM",
                  "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff"
                },
                {
                  "name": "RHSA-2008:0503",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
                },
                {
                  "name": "30628",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30628"
                },
                {
                  "name": "30659",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30659"
                },
                {
                  "name": "31109",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31109"
                },
                {
                  "name": "ADV-2008-1983",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1983/references"
                },
                {
                  "name": "30671",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30671"
                },
                {
                  "name": "30809",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30809"
                },
                {
                  "name": "MDVSA-2008:179",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
                },
                {
                  "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
                  "refsource": "MLIST",
                  "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
                },
                {
                  "name": "RHSA-2008:0504",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
                },
                {
                  "name": "30843",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30843"
                },
                {
                  "name": "DSA-1595",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1595"
                },
                {
                  "name": "USN-616-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-616-1"
                },
                {
                  "name": "32099",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32099"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-2619",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-2619"
                },
                {
                  "name": "SUSE-SR:2008:019",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
                },
                {
                  "name": "RHSA-2008:0512",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
                },
                {
                  "name": "20080620 rPSA-2008-0200-1 xorg-server",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
                },
                {
                  "name": "30630",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30630"
                },
                {
                  "name": "GLSA-200807-07",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2008-2360",
        "datePublished": "2008-06-16T19:00:00.000Z",
        "dateReserved": "2008-05-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:58:02.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0465 (GCVE-0-2011-0465)

    Vulnerability from cvelistv5 – Published: 2011-04-08 15:00 – Updated: 2024-08-06 21:51
    VLAI
    Summary
    xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.freedesktop.org/archives/xorg-announ… mailing-listx_refsource_MLIST
    http://www.redhat.com/support/errata/RHSA-2011-04… vendor-advisoryx_refsource_REDHAT
    http://www.vupen.com/english/advisories/2011/0966 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/44040 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2011/dsa-2213 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/44082 third-party-advisoryx_refsource_SECUNIA
    https://bugzilla.redhat.com/show_bug.cgi?id=680196 x_refsource_CONFIRM
    http://www.securitytracker.com/id?1025317 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/47189 vdb-entryx_refsource_BID
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/44123 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2011/0880 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2011/0906 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/44012 third-party-advisoryx_refsource_SECUNIA
    http://cgit.freedesktop.org/xorg/app/xrdb/commit/… x_refsource_CONFIRM
    http://secunia.com/advisories/44010 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.ubuntu.com/usn/USN-1107-1 vendor-advisoryx_refsource_UBUNTU
    http://slackware.com/security/viewer.php?l=slackw… vendor-advisoryx_refsource_SLACKWARE
    http://www.vupen.com/english/advisories/2011/0889 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2011/0929 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/44122 third-party-advisoryx_refsource_SECUNIA
    http://lists.freedesktop.org/archives/xorg-announ… mailing-listx_refsource_MLIST
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.redhat.com/support/errata/RHSA-2011-04… vendor-advisoryx_refsource_REDHAT
    http://www.vupen.com/english/advisories/2011/0975 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/44193 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lwn.net/Articles/437150/ vendor-advisoryx_refsource_SUSE
    Date Public
    2011-04-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:51:08.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[xorg-announce] 20110405 X.Org security advisory: root hole via rogue hostname",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html"
              },
              {
                "name": "RHSA-2011:0433",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-0433.html"
              },
              {
                "name": "ADV-2011-0966",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0966"
              },
              {
                "name": "44040",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44040"
              },
              {
                "name": "DSA-2213",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2213"
              },
              {
                "name": "44082",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44082"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680196"
              },
              {
                "name": "1025317",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1025317"
              },
              {
                "name": "47189",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/47189"
              },
              {
                "name": "FEDORA-2011-4871",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html"
              },
              {
                "name": "44123",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44123"
              },
              {
                "name": "ADV-2011-0880",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0880"
              },
              {
                "name": "ADV-2011-0906",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0906"
              },
              {
                "name": "44012",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44012"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56"
              },
              {
                "name": "44010",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44010"
              },
              {
                "name": "xorg11-xrdb-command-execution(66585)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66585"
              },
              {
                "name": "USN-1107-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1107-1"
              },
              {
                "name": "SSA:2011-096-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.465748"
              },
              {
                "name": "ADV-2011-0889",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0889"
              },
              {
                "name": "ADV-2011-0929",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0929"
              },
              {
                "name": "44122",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44122"
              },
              {
                "name": "[xorg-announce] 20110405 xrdb 1.0.9",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html"
              },
              {
                "name": "MDVSA-2011:076",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:076"
              },
              {
                "name": "RHSA-2011:0432",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-0432.html"
              },
              {
                "name": "ADV-2011-0975",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0975"
              },
              {
                "name": "44193",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44193"
              },
              {
                "name": "SUSE-SA:2011:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html"
              },
              {
                "name": "openSUSE-SU-2011:0298",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://lwn.net/Articles/437150/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[xorg-announce] 20110405 X.Org security advisory: root hole via rogue hostname",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html"
            },
            {
              "name": "RHSA-2011:0433",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0433.html"
            },
            {
              "name": "ADV-2011-0966",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0966"
            },
            {
              "name": "44040",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44040"
            },
            {
              "name": "DSA-2213",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2213"
            },
            {
              "name": "44082",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44082"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680196"
            },
            {
              "name": "1025317",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1025317"
            },
            {
              "name": "47189",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/47189"
            },
            {
              "name": "FEDORA-2011-4871",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html"
            },
            {
              "name": "44123",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44123"
            },
            {
              "name": "ADV-2011-0880",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0880"
            },
            {
              "name": "ADV-2011-0906",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0906"
            },
            {
              "name": "44012",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44012"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56"
            },
            {
              "name": "44010",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44010"
            },
            {
              "name": "xorg11-xrdb-command-execution(66585)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66585"
            },
            {
              "name": "USN-1107-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1107-1"
            },
            {
              "name": "SSA:2011-096-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.465748"
            },
            {
              "name": "ADV-2011-0889",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0889"
            },
            {
              "name": "ADV-2011-0929",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0929"
            },
            {
              "name": "44122",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44122"
            },
            {
              "name": "[xorg-announce] 20110405 xrdb 1.0.9",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html"
            },
            {
              "name": "MDVSA-2011:076",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:076"
            },
            {
              "name": "RHSA-2011:0432",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0432.html"
            },
            {
              "name": "ADV-2011-0975",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0975"
            },
            {
              "name": "44193",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44193"
            },
            {
              "name": "SUSE-SA:2011:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html"
            },
            {
              "name": "openSUSE-SU-2011:0298",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://lwn.net/Articles/437150/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0465",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[xorg-announce] 20110405 X.Org security advisory: root hole via rogue hostname",
                  "refsource": "MLIST",
                  "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html"
                },
                {
                  "name": "RHSA-2011:0433",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-0433.html"
                },
                {
                  "name": "ADV-2011-0966",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0966"
                },
                {
                  "name": "44040",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44040"
                },
                {
                  "name": "DSA-2213",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2213"
                },
                {
                  "name": "44082",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44082"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=680196",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680196"
                },
                {
                  "name": "1025317",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1025317"
                },
                {
                  "name": "47189",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/47189"
                },
                {
                  "name": "FEDORA-2011-4871",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html"
                },
                {
                  "name": "44123",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44123"
                },
                {
                  "name": "ADV-2011-0880",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0880"
                },
                {
                  "name": "ADV-2011-0906",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0906"
                },
                {
                  "name": "44012",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44012"
                },
                {
                  "name": "http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56",
                  "refsource": "CONFIRM",
                  "url": "http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56"
                },
                {
                  "name": "44010",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44010"
                },
                {
                  "name": "xorg11-xrdb-command-execution(66585)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66585"
                },
                {
                  "name": "USN-1107-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1107-1"
                },
                {
                  "name": "SSA:2011-096-01",
                  "refsource": "SLACKWARE",
                  "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.465748"
                },
                {
                  "name": "ADV-2011-0889",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0889"
                },
                {
                  "name": "ADV-2011-0929",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0929"
                },
                {
                  "name": "44122",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44122"
                },
                {
                  "name": "[xorg-announce] 20110405 xrdb 1.0.9",
                  "refsource": "MLIST",
                  "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html"
                },
                {
                  "name": "MDVSA-2011:076",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:076"
                },
                {
                  "name": "RHSA-2011:0432",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-0432.html"
                },
                {
                  "name": "ADV-2011-0975",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0975"
                },
                {
                  "name": "44193",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44193"
                },
                {
                  "name": "SUSE-SA:2011:016",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html"
                },
                {
                  "name": "openSUSE-SU-2011:0298",
                  "refsource": "SUSE",
                  "url": "https://lwn.net/Articles/437150/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0465",
        "datePublished": "2011-04-08T15:00:00.000Z",
        "dateReserved": "2011-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:51:08.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2362 (GCVE-0-2008-2362)

    Vulnerability from cvelistv5 – Published: 2008-06-16 19:00 – Updated: 2024-08-07 08:58
    VLAI
    Summary
    Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://issues.rpath.com/browse/RPL-2607 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/29670 vdb-entryx_refsource_BID
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://secunia.com/advisories/33937 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30664 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/493550/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/31025 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://support.apple.com/kb/HT3438 x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.vupen.com/english/advisories/2008/1833 vdb-entryx_refsource_VUPEN
    http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200806-07.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/30715 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30666 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30627 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30637 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patche… x_refsource_CONFIRM
    http://securitytracker.com/id?1020245 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2008/1803 vdb-entryx_refsource_VUPEN
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/30772 third-party-advisoryx_refsource_SECUNIA
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://secunia.com/advisories/30659 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31109 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/1983… vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/30671 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30809 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.freedesktop.org/archives/xorg/2008-J… mailing-listx_refsource_MLIST
    http://rhn.redhat.com/errata/RHSA-2008-0504.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/30843 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2008/dsa-1595 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/usn-616-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/32099 third-party-advisoryx_refsource_SECUNIA
    https://issues.rpath.com/browse/RPL-2619 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/493548/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/30630 third-party-advisoryx_refsource_SECUNIA
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    Date Public
    2008-06-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:58:02.043Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-2607"
              },
              {
                "name": "29670",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/29670"
              },
              {
                "name": "238686",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
              },
              {
                "name": "33937",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33937"
              },
              {
                "name": "30664",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30664"
              },
              {
                "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
              },
              {
                "name": "31025",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31025"
              },
              {
                "name": "oval:org.mitre.oval:def:11246",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11246"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT3438"
              },
              {
                "name": "APPLE-SA-2009-02-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
              },
              {
                "name": "ADV-2008-1833",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1833"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
              },
              {
                "name": "GLSA-200806-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
              },
              {
                "name": "30715",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30715"
              },
              {
                "name": "30666",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30666"
              },
              {
                "name": "30627",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30627"
              },
              {
                "name": "30637",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30637"
              },
              {
                "name": "MDVSA-2008:116",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff"
              },
              {
                "name": "1020245",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020245"
              },
              {
                "name": "ADV-2008-1803",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1803"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
              },
              {
                "name": "SUSE-SA:2008:027",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
              },
              {
                "name": "30772",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30772"
              },
              {
                "name": "20080611 Multiple Vendor X Server Render Extension Gradient Creation Integer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=720"
              },
              {
                "name": "30659",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30659"
              },
              {
                "name": "31109",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31109"
              },
              {
                "name": "ADV-2008-1983",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1983/references"
              },
              {
                "name": "30671",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30671"
              },
              {
                "name": "30809",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30809"
              },
              {
                "name": "MDVSA-2008:179",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
              },
              {
                "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
              },
              {
                "name": "RHSA-2008:0504",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
              },
              {
                "name": "30843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30843"
              },
              {
                "name": "DSA-1595",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1595"
              },
              {
                "name": "USN-616-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-616-1"
              },
              {
                "name": "32099",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32099"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-2619"
              },
              {
                "name": "SUSE-SR:2008:019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
              },
              {
                "name": "20080620 rPSA-2008-0200-1 xorg-server",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
              },
              {
                "name": "30630",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30630"
              },
              {
                "name": "GLSA-200807-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-2607"
            },
            {
              "name": "29670",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/29670"
            },
            {
              "name": "238686",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
            },
            {
              "name": "33937",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33937"
            },
            {
              "name": "30664",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30664"
            },
            {
              "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
            },
            {
              "name": "31025",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31025"
            },
            {
              "name": "oval:org.mitre.oval:def:11246",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11246"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT3438"
            },
            {
              "name": "APPLE-SA-2009-02-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
            },
            {
              "name": "ADV-2008-1833",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1833"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
            },
            {
              "name": "GLSA-200806-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
            },
            {
              "name": "30715",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30715"
            },
            {
              "name": "30666",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30666"
            },
            {
              "name": "30627",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30627"
            },
            {
              "name": "30637",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30637"
            },
            {
              "name": "MDVSA-2008:116",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff"
            },
            {
              "name": "1020245",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020245"
            },
            {
              "name": "ADV-2008-1803",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1803"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
            },
            {
              "name": "SUSE-SA:2008:027",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
            },
            {
              "name": "30772",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30772"
            },
            {
              "name": "20080611 Multiple Vendor X Server Render Extension Gradient Creation Integer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=720"
            },
            {
              "name": "30659",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30659"
            },
            {
              "name": "31109",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31109"
            },
            {
              "name": "ADV-2008-1983",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1983/references"
            },
            {
              "name": "30671",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30671"
            },
            {
              "name": "30809",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30809"
            },
            {
              "name": "MDVSA-2008:179",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
            },
            {
              "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
            },
            {
              "name": "RHSA-2008:0504",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
            },
            {
              "name": "30843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30843"
            },
            {
              "name": "DSA-1595",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1595"
            },
            {
              "name": "USN-616-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-616-1"
            },
            {
              "name": "32099",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32099"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-2619"
            },
            {
              "name": "SUSE-SR:2008:019",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
            },
            {
              "name": "20080620 rPSA-2008-0200-1 xorg-server",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
            },
            {
              "name": "30630",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30630"
            },
            {
              "name": "GLSA-200807-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2008-2362",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://issues.rpath.com/browse/RPL-2607",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-2607"
                },
                {
                  "name": "29670",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/29670"
                },
                {
                  "name": "238686",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
                },
                {
                  "name": "33937",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33937"
                },
                {
                  "name": "30664",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30664"
                },
                {
                  "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
                },
                {
                  "name": "31025",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31025"
                },
                {
                  "name": "oval:org.mitre.oval:def:11246",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11246"
                },
                {
                  "name": "http://support.apple.com/kb/HT3438",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT3438"
                },
                {
                  "name": "APPLE-SA-2009-02-12",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
                },
                {
                  "name": "ADV-2008-1833",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1833"
                },
                {
                  "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
                },
                {
                  "name": "GLSA-200806-07",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
                },
                {
                  "name": "30715",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30715"
                },
                {
                  "name": "30666",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30666"
                },
                {
                  "name": "30627",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30627"
                },
                {
                  "name": "30637",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30637"
                },
                {
                  "name": "MDVSA-2008:116",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
                },
                {
                  "name": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff",
                  "refsource": "CONFIRM",
                  "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff"
                },
                {
                  "name": "1020245",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020245"
                },
                {
                  "name": "ADV-2008-1803",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1803"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
                },
                {
                  "name": "SUSE-SA:2008:027",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
                },
                {
                  "name": "30772",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30772"
                },
                {
                  "name": "20080611 Multiple Vendor X Server Render Extension Gradient Creation Integer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=720"
                },
                {
                  "name": "30659",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30659"
                },
                {
                  "name": "31109",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31109"
                },
                {
                  "name": "ADV-2008-1983",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1983/references"
                },
                {
                  "name": "30671",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30671"
                },
                {
                  "name": "30809",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30809"
                },
                {
                  "name": "MDVSA-2008:179",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
                },
                {
                  "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
                  "refsource": "MLIST",
                  "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
                },
                {
                  "name": "RHSA-2008:0504",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
                },
                {
                  "name": "30843",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30843"
                },
                {
                  "name": "DSA-1595",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1595"
                },
                {
                  "name": "USN-616-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-616-1"
                },
                {
                  "name": "32099",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32099"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-2619",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-2619"
                },
                {
                  "name": "SUSE-SR:2008:019",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
                },
                {
                  "name": "20080620 rPSA-2008-0200-1 xorg-server",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
                },
                {
                  "name": "30630",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30630"
                },
                {
                  "name": "GLSA-200807-07",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2008-2362",
        "datePublished": "2008-06-16T19:00:00.000Z",
        "dateReserved": "2008-05-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:58:02.043Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1379 (GCVE-0-2008-1379)

    Vulnerability from cvelistv5 – Published: 2008-06-16 19:00 – Updated: 2024-08-07 08:17
    VLAI
    Summary
    Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1020246 vdb-entryx_refsource_SECTRACK
    https://issues.rpath.com/browse/RPL-2607 x_refsource_CONFIRM
    http://secunia.com/advisories/30629 third-party-advisoryx_refsource_SECUNIA
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://secunia.com/advisories/33937 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30664 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.securityfocus.com/archive/1/493550/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/31025 third-party-advisoryx_refsource_SECUNIA
    ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patche… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2008-0502.html vendor-advisoryx_refsource_REDHAT
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://support.apple.com/kb/HT3438 x_refsource_CONFIRM
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.vupen.com/english/advisories/2008/1833 vdb-entryx_refsource_VUPEN
    http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200806-07.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/30715 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30666 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/30627 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30637 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.vupen.com/english/advisories/2008/1803 vdb-entryx_refsource_VUPEN
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/30772 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2008-05… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/30628 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30659 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31109 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/1983… vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/30671 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30809 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.vupen.com/english/advisories/2008/3000 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/29669 vdb-entryx_refsource_BID
    http://lists.freedesktop.org/archives/xorg/2008-J… mailing-listx_refsource_MLIST
    http://rhn.redhat.com/errata/RHSA-2008-0504.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/32545 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30843 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2008/dsa-1595 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/usn-616-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/32099 third-party-advisoryx_refsource_SECUNIA
    https://issues.rpath.com/browse/RPL-2619 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2008-0512.html vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/archive/1/493548/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/30630 third-party-advisoryx_refsource_SECUNIA
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    Date Public
    2008-06-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:17:34.606Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1020246",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020246"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-2607"
              },
              {
                "name": "30629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30629"
              },
              {
                "name": "238686",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
              },
              {
                "name": "33937",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33937"
              },
              {
                "name": "30664",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30664"
              },
              {
                "name": "MDVSA-2008:115",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
              },
              {
                "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
              },
              {
                "name": "31025",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31025"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1379.diff"
              },
              {
                "name": "RHSA-2008:0502",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
              },
              {
                "name": "SSRT080083",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT3438"
              },
              {
                "name": "20080611 Multiple Vendor X Server MIT-SHM Extension Information Disclosure Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=722"
              },
              {
                "name": "APPLE-SA-2009-02-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
              },
              {
                "name": "ADV-2008-1833",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1833"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
              },
              {
                "name": "GLSA-200806-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
              },
              {
                "name": "30715",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30715"
              },
              {
                "name": "30666",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30666"
              },
              {
                "name": "xorg-fbshmputimage-information-disclosure(43016)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43016"
              },
              {
                "name": "30627",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30627"
              },
              {
                "name": "30637",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30637"
              },
              {
                "name": "MDVSA-2008:116",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
              },
              {
                "name": "oval:org.mitre.oval:def:8966",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8966"
              },
              {
                "name": "ADV-2008-1803",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1803"
              },
              {
                "name": "HPSBUX02381",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
              },
              {
                "name": "SUSE-SA:2008:027",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
              },
              {
                "name": "30772",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30772"
              },
              {
                "name": "RHSA-2008:0503",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
              },
              {
                "name": "30628",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30628"
              },
              {
                "name": "30659",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30659"
              },
              {
                "name": "31109",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31109"
              },
              {
                "name": "ADV-2008-1983",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1983/references"
              },
              {
                "name": "30671",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30671"
              },
              {
                "name": "30809",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30809"
              },
              {
                "name": "MDVSA-2008:179",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
              },
              {
                "name": "ADV-2008-3000",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3000"
              },
              {
                "name": "29669",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/29669"
              },
              {
                "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
              },
              {
                "name": "RHSA-2008:0504",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
              },
              {
                "name": "32545",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32545"
              },
              {
                "name": "30843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30843"
              },
              {
                "name": "DSA-1595",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1595"
              },
              {
                "name": "USN-616-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-616-1"
              },
              {
                "name": "32099",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32099"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-2619"
              },
              {
                "name": "SUSE-SR:2008:019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
              },
              {
                "name": "RHSA-2008:0512",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
              },
              {
                "name": "20080620 rPSA-2008-0200-1 xorg-server",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
              },
              {
                "name": "30630",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30630"
              },
              {
                "name": "GLSA-200807-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "1020246",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020246"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-2607"
            },
            {
              "name": "30629",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30629"
            },
            {
              "name": "238686",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
            },
            {
              "name": "33937",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33937"
            },
            {
              "name": "30664",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30664"
            },
            {
              "name": "MDVSA-2008:115",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
            },
            {
              "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
            },
            {
              "name": "31025",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31025"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1379.diff"
            },
            {
              "name": "RHSA-2008:0502",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
            },
            {
              "name": "SSRT080083",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT3438"
            },
            {
              "name": "20080611 Multiple Vendor X Server MIT-SHM Extension Information Disclosure Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=722"
            },
            {
              "name": "APPLE-SA-2009-02-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
            },
            {
              "name": "ADV-2008-1833",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1833"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
            },
            {
              "name": "GLSA-200806-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
            },
            {
              "name": "30715",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30715"
            },
            {
              "name": "30666",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30666"
            },
            {
              "name": "xorg-fbshmputimage-information-disclosure(43016)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43016"
            },
            {
              "name": "30627",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30627"
            },
            {
              "name": "30637",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30637"
            },
            {
              "name": "MDVSA-2008:116",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
            },
            {
              "name": "oval:org.mitre.oval:def:8966",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8966"
            },
            {
              "name": "ADV-2008-1803",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1803"
            },
            {
              "name": "HPSBUX02381",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
            },
            {
              "name": "SUSE-SA:2008:027",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
            },
            {
              "name": "30772",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30772"
            },
            {
              "name": "RHSA-2008:0503",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
            },
            {
              "name": "30628",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30628"
            },
            {
              "name": "30659",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30659"
            },
            {
              "name": "31109",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31109"
            },
            {
              "name": "ADV-2008-1983",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1983/references"
            },
            {
              "name": "30671",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30671"
            },
            {
              "name": "30809",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30809"
            },
            {
              "name": "MDVSA-2008:179",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
            },
            {
              "name": "ADV-2008-3000",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3000"
            },
            {
              "name": "29669",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/29669"
            },
            {
              "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
            },
            {
              "name": "RHSA-2008:0504",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
            },
            {
              "name": "32545",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32545"
            },
            {
              "name": "30843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30843"
            },
            {
              "name": "DSA-1595",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1595"
            },
            {
              "name": "USN-616-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-616-1"
            },
            {
              "name": "32099",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32099"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-2619"
            },
            {
              "name": "SUSE-SR:2008:019",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
            },
            {
              "name": "RHSA-2008:0512",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
            },
            {
              "name": "20080620 rPSA-2008-0200-1 xorg-server",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
            },
            {
              "name": "30630",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30630"
            },
            {
              "name": "GLSA-200807-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2008-1379",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1020246",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020246"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-2607",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-2607"
                },
                {
                  "name": "30629",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30629"
                },
                {
                  "name": "238686",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
                },
                {
                  "name": "33937",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33937"
                },
                {
                  "name": "30664",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30664"
                },
                {
                  "name": "MDVSA-2008:115",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
                },
                {
                  "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
                },
                {
                  "name": "31025",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31025"
                },
                {
                  "name": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1379.diff",
                  "refsource": "CONFIRM",
                  "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1379.diff"
                },
                {
                  "name": "RHSA-2008:0502",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
                },
                {
                  "name": "SSRT080083",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
                },
                {
                  "name": "http://support.apple.com/kb/HT3438",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT3438"
                },
                {
                  "name": "20080611 Multiple Vendor X Server MIT-SHM Extension Information Disclosure Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=722"
                },
                {
                  "name": "APPLE-SA-2009-02-12",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
                },
                {
                  "name": "ADV-2008-1833",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1833"
                },
                {
                  "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
                },
                {
                  "name": "GLSA-200806-07",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
                },
                {
                  "name": "30715",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30715"
                },
                {
                  "name": "30666",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30666"
                },
                {
                  "name": "xorg-fbshmputimage-information-disclosure(43016)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43016"
                },
                {
                  "name": "30627",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30627"
                },
                {
                  "name": "30637",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30637"
                },
                {
                  "name": "MDVSA-2008:116",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
                },
                {
                  "name": "oval:org.mitre.oval:def:8966",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8966"
                },
                {
                  "name": "ADV-2008-1803",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1803"
                },
                {
                  "name": "HPSBUX02381",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
                },
                {
                  "name": "SUSE-SA:2008:027",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
                },
                {
                  "name": "30772",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30772"
                },
                {
                  "name": "RHSA-2008:0503",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
                },
                {
                  "name": "30628",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30628"
                },
                {
                  "name": "30659",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30659"
                },
                {
                  "name": "31109",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31109"
                },
                {
                  "name": "ADV-2008-1983",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1983/references"
                },
                {
                  "name": "30671",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30671"
                },
                {
                  "name": "30809",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30809"
                },
                {
                  "name": "MDVSA-2008:179",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
                },
                {
                  "name": "ADV-2008-3000",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3000"
                },
                {
                  "name": "29669",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/29669"
                },
                {
                  "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
                  "refsource": "MLIST",
                  "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
                },
                {
                  "name": "RHSA-2008:0504",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
                },
                {
                  "name": "32545",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32545"
                },
                {
                  "name": "30843",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30843"
                },
                {
                  "name": "DSA-1595",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1595"
                },
                {
                  "name": "USN-616-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-616-1"
                },
                {
                  "name": "32099",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32099"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-2619",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-2619"
                },
                {
                  "name": "SUSE-SR:2008:019",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
                },
                {
                  "name": "RHSA-2008:0512",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
                },
                {
                  "name": "20080620 rPSA-2008-0200-1 xorg-server",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
                },
                {
                  "name": "30630",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30630"
                },
                {
                  "name": "GLSA-200807-07",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2008-1379",
        "datePublished": "2008-06-16T19:00:00.000Z",
        "dateReserved": "2008-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:17:34.606Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1377 (GCVE-0-2008-1377)

    Vulnerability from cvelistv5 – Published: 2008-06-16 19:00 – Updated: 2024-08-07 08:17
    VLAI
    Summary
    The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://issues.rpath.com/browse/RPL-2607 x_refsource_CONFIRM
    http://secunia.com/advisories/30629 third-party-advisoryx_refsource_SECUNIA
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://secunia.com/advisories/33937 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30664 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.securityfocus.com/archive/1/493550/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/31025 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2008-0502.html vendor-advisoryx_refsource_REDHAT
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://support.apple.com/kb/HT3438 x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.vupen.com/english/advisories/2008/1833 vdb-entryx_refsource_VUPEN
    http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200806-07.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/30715 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30666 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30627 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30637 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.vupen.com/english/advisories/2008/1803 vdb-entryx_refsource_VUPEN
    ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patche… x_refsource_CONFIRM
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/30772 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1020247 vdb-entryx_refsource_SECTRACK
    http://www.redhat.com/support/errata/RHSA-2008-05… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/30628 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30659 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31109 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/1983… vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/30671 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30809 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/3000 vdb-entryx_refsource_VUPEN
    http://lists.freedesktop.org/archives/xorg/2008-J… mailing-listx_refsource_MLIST
    http://rhn.redhat.com/errata/RHSA-2008-0504.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/32545 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30843 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2008/dsa-1595 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/usn-616-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/32099 third-party-advisoryx_refsource_SECUNIA
    https://issues.rpath.com/browse/RPL-2619 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2008-0512.html vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/archive/1/493548/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/30630 third-party-advisoryx_refsource_SECUNIA
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    Date Public
    2008-06-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:17:34.564Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-2607"
              },
              {
                "name": "30629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30629"
              },
              {
                "name": "20080611 Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721"
              },
              {
                "name": "oval:org.mitre.oval:def:10109",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109"
              },
              {
                "name": "238686",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
              },
              {
                "name": "33937",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33937"
              },
              {
                "name": "30664",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30664"
              },
              {
                "name": "MDVSA-2008:115",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
              },
              {
                "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
              },
              {
                "name": "31025",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31025"
              },
              {
                "name": "RHSA-2008:0502",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
              },
              {
                "name": "SSRT080083",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT3438"
              },
              {
                "name": "APPLE-SA-2009-02-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
              },
              {
                "name": "ADV-2008-1833",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1833"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
              },
              {
                "name": "GLSA-200806-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
              },
              {
                "name": "30715",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30715"
              },
              {
                "name": "30666",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30666"
              },
              {
                "name": "30627",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30627"
              },
              {
                "name": "30637",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30637"
              },
              {
                "name": "MDVSA-2008:116",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
              },
              {
                "name": "ADV-2008-1803",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1803"
              },
              {
                "name": "HPSBUX02381",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
              },
              {
                "name": "SUSE-SA:2008:027",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
              },
              {
                "name": "30772",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30772"
              },
              {
                "name": "1020247",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020247"
              },
              {
                "name": "RHSA-2008:0503",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
              },
              {
                "name": "30628",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30628"
              },
              {
                "name": "30659",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30659"
              },
              {
                "name": "31109",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31109"
              },
              {
                "name": "ADV-2008-1983",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1983/references"
              },
              {
                "name": "30671",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30671"
              },
              {
                "name": "30809",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30809"
              },
              {
                "name": "ADV-2008-3000",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3000"
              },
              {
                "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
              },
              {
                "name": "RHSA-2008:0504",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
              },
              {
                "name": "32545",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32545"
              },
              {
                "name": "30843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30843"
              },
              {
                "name": "DSA-1595",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1595"
              },
              {
                "name": "USN-616-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-616-1"
              },
              {
                "name": "32099",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32099"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-2619"
              },
              {
                "name": "SUSE-SR:2008:019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
              },
              {
                "name": "RHSA-2008:0512",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
              },
              {
                "name": "20080620 rPSA-2008-0200-1 xorg-server",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
              },
              {
                "name": "30630",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30630"
              },
              {
                "name": "GLSA-200807-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-2607"
            },
            {
              "name": "30629",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30629"
            },
            {
              "name": "20080611 Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721"
            },
            {
              "name": "oval:org.mitre.oval:def:10109",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109"
            },
            {
              "name": "238686",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
            },
            {
              "name": "33937",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33937"
            },
            {
              "name": "30664",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30664"
            },
            {
              "name": "MDVSA-2008:115",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
            },
            {
              "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
            },
            {
              "name": "31025",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31025"
            },
            {
              "name": "RHSA-2008:0502",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
            },
            {
              "name": "SSRT080083",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT3438"
            },
            {
              "name": "APPLE-SA-2009-02-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
            },
            {
              "name": "ADV-2008-1833",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1833"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
            },
            {
              "name": "GLSA-200806-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
            },
            {
              "name": "30715",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30715"
            },
            {
              "name": "30666",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30666"
            },
            {
              "name": "30627",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30627"
            },
            {
              "name": "30637",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30637"
            },
            {
              "name": "MDVSA-2008:116",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
            },
            {
              "name": "ADV-2008-1803",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1803"
            },
            {
              "name": "HPSBUX02381",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
            },
            {
              "name": "SUSE-SA:2008:027",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
            },
            {
              "name": "30772",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30772"
            },
            {
              "name": "1020247",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020247"
            },
            {
              "name": "RHSA-2008:0503",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
            },
            {
              "name": "30628",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30628"
            },
            {
              "name": "30659",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30659"
            },
            {
              "name": "31109",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31109"
            },
            {
              "name": "ADV-2008-1983",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1983/references"
            },
            {
              "name": "30671",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30671"
            },
            {
              "name": "30809",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30809"
            },
            {
              "name": "ADV-2008-3000",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3000"
            },
            {
              "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
            },
            {
              "name": "RHSA-2008:0504",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
            },
            {
              "name": "32545",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32545"
            },
            {
              "name": "30843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30843"
            },
            {
              "name": "DSA-1595",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1595"
            },
            {
              "name": "USN-616-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-616-1"
            },
            {
              "name": "32099",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32099"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-2619"
            },
            {
              "name": "SUSE-SR:2008:019",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
            },
            {
              "name": "RHSA-2008:0512",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
            },
            {
              "name": "20080620 rPSA-2008-0200-1 xorg-server",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
            },
            {
              "name": "30630",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30630"
            },
            {
              "name": "GLSA-200807-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2008-1377",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://issues.rpath.com/browse/RPL-2607",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-2607"
                },
                {
                  "name": "30629",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30629"
                },
                {
                  "name": "20080611 Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721"
                },
                {
                  "name": "oval:org.mitre.oval:def:10109",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109"
                },
                {
                  "name": "238686",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
                },
                {
                  "name": "33937",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33937"
                },
                {
                  "name": "30664",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30664"
                },
                {
                  "name": "MDVSA-2008:115",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
                },
                {
                  "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
                },
                {
                  "name": "31025",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31025"
                },
                {
                  "name": "RHSA-2008:0502",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
                },
                {
                  "name": "SSRT080083",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
                },
                {
                  "name": "http://support.apple.com/kb/HT3438",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT3438"
                },
                {
                  "name": "APPLE-SA-2009-02-12",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
                },
                {
                  "name": "ADV-2008-1833",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1833"
                },
                {
                  "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
                },
                {
                  "name": "GLSA-200806-07",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
                },
                {
                  "name": "30715",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30715"
                },
                {
                  "name": "30666",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30666"
                },
                {
                  "name": "30627",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30627"
                },
                {
                  "name": "30637",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30637"
                },
                {
                  "name": "MDVSA-2008:116",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
                },
                {
                  "name": "ADV-2008-1803",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1803"
                },
                {
                  "name": "HPSBUX02381",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
                },
                {
                  "name": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff",
                  "refsource": "CONFIRM",
                  "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
                },
                {
                  "name": "SUSE-SA:2008:027",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
                },
                {
                  "name": "30772",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30772"
                },
                {
                  "name": "1020247",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020247"
                },
                {
                  "name": "RHSA-2008:0503",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
                },
                {
                  "name": "30628",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30628"
                },
                {
                  "name": "30659",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30659"
                },
                {
                  "name": "31109",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31109"
                },
                {
                  "name": "ADV-2008-1983",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1983/references"
                },
                {
                  "name": "30671",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30671"
                },
                {
                  "name": "30809",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30809"
                },
                {
                  "name": "ADV-2008-3000",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3000"
                },
                {
                  "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
                  "refsource": "MLIST",
                  "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
                },
                {
                  "name": "RHSA-2008:0504",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
                },
                {
                  "name": "32545",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32545"
                },
                {
                  "name": "30843",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30843"
                },
                {
                  "name": "DSA-1595",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1595"
                },
                {
                  "name": "USN-616-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-616-1"
                },
                {
                  "name": "32099",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32099"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-2619",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-2619"
                },
                {
                  "name": "SUSE-SR:2008:019",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
                },
                {
                  "name": "RHSA-2008:0512",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
                },
                {
                  "name": "20080620 rPSA-2008-0200-1 xorg-server",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
                },
                {
                  "name": "30630",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30630"
                },
                {
                  "name": "GLSA-200807-07",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2008-1377",
        "datePublished": "2008-06-16T19:00:00.000Z",
        "dateReserved": "2008-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:17:34.564Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2360 (GCVE-0-2008-2360)

    Vulnerability from cvelistv5 – Published: 2008-06-16 19:00 – Updated: 2024-08-07 08:58
    VLAI
    Summary
    Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://issues.rpath.com/browse/RPL-2607 x_refsource_CONFIRM
    http://secunia.com/advisories/30629 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://secunia.com/advisories/33937 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30664 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.securityfocus.com/archive/1/493550/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/31025 third-party-advisoryx_refsource_SECUNIA
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://rhn.redhat.com/errata/RHSA-2008-0502.html vendor-advisoryx_refsource_REDHAT
    http://support.apple.com/kb/HT3438 x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.vupen.com/english/advisories/2008/1833 vdb-entryx_refsource_VUPEN
    http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200806-07.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/30715 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30666 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30627 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30637 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.vupen.com/english/advisories/2008/1803 vdb-entryx_refsource_VUPEN
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://securitytracker.com/id?1020243 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/30772 third-party-advisoryx_refsource_SECUNIA
    ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patche… x_refsource_CONFIRM
    http://www.redhat.com/support/errata/RHSA-2008-05… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/30628 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30659 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31109 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/1983… vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/30671 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30809 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.freedesktop.org/archives/xorg/2008-J… mailing-listx_refsource_MLIST
    http://rhn.redhat.com/errata/RHSA-2008-0504.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/30843 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2008/dsa-1595 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/usn-616-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/32099 third-party-advisoryx_refsource_SECUNIA
    https://issues.rpath.com/browse/RPL-2619 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2008-0512.html vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/archive/1/493548/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/30630 third-party-advisoryx_refsource_SECUNIA
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    Date Public
    2008-06-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:58:02.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-2607"
              },
              {
                "name": "30629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30629"
              },
              {
                "name": "oval:org.mitre.oval:def:9329",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9329"
              },
              {
                "name": "238686",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
              },
              {
                "name": "33937",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33937"
              },
              {
                "name": "30664",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30664"
              },
              {
                "name": "MDVSA-2008:115",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
              },
              {
                "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
              },
              {
                "name": "31025",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31025"
              },
              {
                "name": "20080611 Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718"
              },
              {
                "name": "RHSA-2008:0502",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT3438"
              },
              {
                "name": "APPLE-SA-2009-02-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
              },
              {
                "name": "ADV-2008-1833",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1833"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
              },
              {
                "name": "GLSA-200806-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
              },
              {
                "name": "30715",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30715"
              },
              {
                "name": "30666",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30666"
              },
              {
                "name": "30627",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30627"
              },
              {
                "name": "30637",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30637"
              },
              {
                "name": "MDVSA-2008:116",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
              },
              {
                "name": "ADV-2008-1803",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1803"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
              },
              {
                "name": "SUSE-SA:2008:027",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
              },
              {
                "name": "1020243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020243"
              },
              {
                "name": "30772",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30772"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff"
              },
              {
                "name": "RHSA-2008:0503",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
              },
              {
                "name": "30628",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30628"
              },
              {
                "name": "30659",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30659"
              },
              {
                "name": "31109",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31109"
              },
              {
                "name": "ADV-2008-1983",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1983/references"
              },
              {
                "name": "30671",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30671"
              },
              {
                "name": "30809",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30809"
              },
              {
                "name": "MDVSA-2008:179",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
              },
              {
                "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
              },
              {
                "name": "RHSA-2008:0504",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
              },
              {
                "name": "30843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30843"
              },
              {
                "name": "DSA-1595",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1595"
              },
              {
                "name": "USN-616-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-616-1"
              },
              {
                "name": "32099",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32099"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-2619"
              },
              {
                "name": "SUSE-SR:2008:019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
              },
              {
                "name": "RHSA-2008:0512",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
              },
              {
                "name": "20080620 rPSA-2008-0200-1 xorg-server",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
              },
              {
                "name": "30630",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30630"
              },
              {
                "name": "GLSA-200807-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-2607"
            },
            {
              "name": "30629",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30629"
            },
            {
              "name": "oval:org.mitre.oval:def:9329",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9329"
            },
            {
              "name": "238686",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
            },
            {
              "name": "33937",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33937"
            },
            {
              "name": "30664",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30664"
            },
            {
              "name": "MDVSA-2008:115",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
            },
            {
              "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
            },
            {
              "name": "31025",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31025"
            },
            {
              "name": "20080611 Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718"
            },
            {
              "name": "RHSA-2008:0502",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT3438"
            },
            {
              "name": "APPLE-SA-2009-02-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
            },
            {
              "name": "ADV-2008-1833",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1833"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
            },
            {
              "name": "GLSA-200806-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
            },
            {
              "name": "30715",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30715"
            },
            {
              "name": "30666",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30666"
            },
            {
              "name": "30627",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30627"
            },
            {
              "name": "30637",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30637"
            },
            {
              "name": "MDVSA-2008:116",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
            },
            {
              "name": "ADV-2008-1803",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1803"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
            },
            {
              "name": "SUSE-SA:2008:027",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
            },
            {
              "name": "1020243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020243"
            },
            {
              "name": "30772",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30772"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff"
            },
            {
              "name": "RHSA-2008:0503",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
            },
            {
              "name": "30628",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30628"
            },
            {
              "name": "30659",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30659"
            },
            {
              "name": "31109",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31109"
            },
            {
              "name": "ADV-2008-1983",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1983/references"
            },
            {
              "name": "30671",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30671"
            },
            {
              "name": "30809",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30809"
            },
            {
              "name": "MDVSA-2008:179",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
            },
            {
              "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
            },
            {
              "name": "RHSA-2008:0504",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
            },
            {
              "name": "30843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30843"
            },
            {
              "name": "DSA-1595",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1595"
            },
            {
              "name": "USN-616-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-616-1"
            },
            {
              "name": "32099",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32099"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-2619"
            },
            {
              "name": "SUSE-SR:2008:019",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
            },
            {
              "name": "RHSA-2008:0512",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
            },
            {
              "name": "20080620 rPSA-2008-0200-1 xorg-server",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
            },
            {
              "name": "30630",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30630"
            },
            {
              "name": "GLSA-200807-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2008-2360",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://issues.rpath.com/browse/RPL-2607",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-2607"
                },
                {
                  "name": "30629",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30629"
                },
                {
                  "name": "oval:org.mitre.oval:def:9329",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9329"
                },
                {
                  "name": "238686",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
                },
                {
                  "name": "33937",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33937"
                },
                {
                  "name": "30664",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30664"
                },
                {
                  "name": "MDVSA-2008:115",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
                },
                {
                  "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
                },
                {
                  "name": "31025",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31025"
                },
                {
                  "name": "20080611 Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718"
                },
                {
                  "name": "RHSA-2008:0502",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
                },
                {
                  "name": "http://support.apple.com/kb/HT3438",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT3438"
                },
                {
                  "name": "APPLE-SA-2009-02-12",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
                },
                {
                  "name": "ADV-2008-1833",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1833"
                },
                {
                  "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
                },
                {
                  "name": "GLSA-200806-07",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
                },
                {
                  "name": "30715",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30715"
                },
                {
                  "name": "30666",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30666"
                },
                {
                  "name": "30627",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30627"
                },
                {
                  "name": "30637",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30637"
                },
                {
                  "name": "MDVSA-2008:116",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
                },
                {
                  "name": "ADV-2008-1803",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1803"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
                },
                {
                  "name": "SUSE-SA:2008:027",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
                },
                {
                  "name": "1020243",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020243"
                },
                {
                  "name": "30772",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30772"
                },
                {
                  "name": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff",
                  "refsource": "CONFIRM",
                  "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff"
                },
                {
                  "name": "RHSA-2008:0503",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
                },
                {
                  "name": "30628",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30628"
                },
                {
                  "name": "30659",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30659"
                },
                {
                  "name": "31109",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31109"
                },
                {
                  "name": "ADV-2008-1983",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1983/references"
                },
                {
                  "name": "30671",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30671"
                },
                {
                  "name": "30809",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30809"
                },
                {
                  "name": "MDVSA-2008:179",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
                },
                {
                  "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
                  "refsource": "MLIST",
                  "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
                },
                {
                  "name": "RHSA-2008:0504",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
                },
                {
                  "name": "30843",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30843"
                },
                {
                  "name": "DSA-1595",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1595"
                },
                {
                  "name": "USN-616-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-616-1"
                },
                {
                  "name": "32099",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32099"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-2619",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-2619"
                },
                {
                  "name": "SUSE-SR:2008:019",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
                },
                {
                  "name": "RHSA-2008:0512",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
                },
                {
                  "name": "20080620 rPSA-2008-0200-1 xorg-server",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
                },
                {
                  "name": "30630",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30630"
                },
                {
                  "name": "GLSA-200807-07",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2008-2360",
        "datePublished": "2008-06-16T19:00:00.000Z",
        "dateReserved": "2008-05-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:58:02.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }