Lucene search

RedhatCVE-2010-1166

HistoryApr 29, 2010 - 9:30 p.m.

CVE-2010-1166

2010-04-2921:30:00

CWE-189

redhat

web.nvd.nist.gov

cve-2010-1166

x server

render extension

x.org x11r7.1

memory corruption

daemon crash

remote code execution

nvd

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.009

Percentile

83.1%

JSON

The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition.

Affected configurations

Nvd

Node

xx.orgMatch7.1

VendorProductVersionCPE
xx.org7.1cpe:2.3:a:x:x.org:7.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
x	x.org	7.1	cpe:2.3:a:x:x.org:7.1:::::::*

References

cgit.freedesktop.org/xorg/xserver/commit/?id=d2f813f7db

lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

secunia.com/advisories/39650

secunia.com/advisories/39834

securitytracker.com/id?1023929

www.ubuntu.com/usn/USN-939-1

www.vupen.com/english/advisories/2010/1185

bugzilla.redhat.com/show_bug.cgi?id=495733

bugzilla.redhat.com/show_bug.cgi?id=582601

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10112

rhn.redhat.com/errata/RHSA-2010-0382.html

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.009

Percentile

83.1%

JSON

Related for CVE-2010-1166