Vigil@nce - X.Org Server: denial of service via PutImage
May 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the PutImage() function with a null height, in
order to trigger a denial of service of X.Org Server.
– Impacted products: XOrg Bundle
– Severity: 1/4
– Creation date: 27/04/2015
DESCRIPTION OF THE VULNERABILITY
The X.Org Server product implements the server side of the
PutImage() function, which displays an image on the screen.
However, if the image height is zero, a division by zero occurs.
An attacker can therefore use the PutImage() function with a null
height, in order to trigger a denial of service of X.Org Server.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/X-Org-Server-denial-of-service-via-PutImage-16718