oss-sec mailing list archives
Re: Re: CVE request: X server crash by client
From: Marcus Meissner <meissner () suse de>
Date: Sat, 25 Apr 2015 16:40:10 +0200
On Fri, Apr 24, 2015 at 11:22:20PM -0400, cve-assign () mitre org wrote:
We got notified that the fix for CVE-2014-8092 introduced the possibility of a division by 0 when the "height" for the PutImage call is 0, leading to X server abort. This was already fixed in January in X git. http://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b As this is a local denial of service, but might be triggerable by images with 0 height supplied externally, it might need a CVE.Use CVE-2015-3418.
thanks!
https://bugzilla.novell.com/show_bug.cgi?id=928520This currently doesn't seem to be a public bug - we don't know whether that's intentional.
opened it... was not open as it was under another product before. Ciao, Marcus
Current thread:
- CVE request: X server crash by client Marcus Meissner (Apr 24)
- Re: CVE request: X server crash by client cve-assign (Apr 24)
- Re: Re: CVE request: X server crash by client Marcus Meissner (Apr 25)
- Re: CVE request: X server crash by client Alan Coopersmith (Apr 27)
- Re: CVE request: X server crash by client cve-assign (Apr 24)