Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 25 Apr 2015 16:40:10 +0200
From: Marcus Meissner <>
Cc:, xorg_security@...rg
Subject: Re: Re: CVE request: X server crash by client

On Fri, Apr 24, 2015 at 11:22:20PM -0400, wrote:
> > We got notified that the fix for CVE-2014-8092 introduced the possibility
> > of a division by 0 when the "height" for the PutImage call is 0, leading
> > to X server abort.
> > 
> > This was already fixed in January in X git.
> >
> > 
> > As this is a local denial of service, but might be triggerable by images with 0 height
> > supplied externally, it might need a CVE.
> Use CVE-2015-3418.


> >
> This currently doesn't seem to be a public bug - we don't know whether
> that's intentional.

opened it... was not open as it was under another product before.

Ciao, Marcus

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ