Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 24 Apr 2015 17:00:22 +0200
From: Marcus Meissner <>
To: OSS Security List <>,
Subject: CVE request: X server crash by client


We got notified that the fix for CVE-2014-8092 introduced the possibility
of a division by 0 when the "height" for the PutImage call is 0, leading
to X server abort.

This was already fixed in January in X git.

As this is a local denial of service, but might be triggerable by images with 0 height
supplied externally, it might need a CVE.

Ciao, Marcus

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ