Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 24 Apr 2015 17:00:22 +0200
From: Marcus Meissner <>
To: OSS Security List <>,
Subject: CVE request: X server crash by client


We got notified that the fix for CVE-2014-8092 introduced the possibility
of a division by 0 when the "height" for the PutImage call is 0, leading
to X server abort.

This was already fixed in January in X git.

As this is a local denial of service, but might be triggerable by images with 0 height
supplied externally, it might need a CVE.

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.