CVE-2006-1526
EPSS 0.44%
Description
Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.
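The typo class described above, as an added C illustration (not X.org's source; the struct layout, function names and sample point counts are constructed for this example). A bitwise AND can never exceed its smaller operand, so a buffer sized with "&" is far too small for the triangles later written into it; the checked variant also rejects counts whose product would wrap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a render triangle: three fixed-point points. */
typedef struct { int32_t x, y; } point_t;
typedef struct { point_t p1, p2, p3; } triangle_t;   /* 24 bytes */

/* A strip or fan of npoints points expands to npoints - 2 triangles. */
static size_t triangle_count(size_t npoints) {
    return npoints < 3 ? 0 : npoints - 2;
}

/* The typo: bitwise AND where a product was intended. */
size_t alloc_size_typo(size_t npoints) {
    return sizeof(triangle_t) & triangle_count(npoints);
}

/* Intended size, guarded so the product cannot wrap.
 * Returns 0 when there is nothing to allocate or the count is too large. */
size_t alloc_size_checked(size_t npoints) {
    size_t n = triangle_count(npoints);
    if (n == 0 || n > SIZE_MAX / sizeof(triangle_t))
        return 0;
    return n * sizeof(triangle_t);
}

/* Bytes a fill loop would write past a buffer sized by the typo. */
size_t overrun_bytes(size_t npoints) {
    size_t need = alloc_size_checked(npoints);
    size_t got = alloc_size_typo(npoints);
    return need > got ? need - got : 0;
}

int main(void) {
    /* Constructed sample point counts. */
    size_t samples[] = {3, 4, 10, 26, 1000};
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        size_t n = samples[i];
        printf("npoints=%zu typo=%zu needed=%zu overrun=%zu\n",
               n, alloc_size_typo(n), alloc_size_checked(n), overrun_bytes(n));
    }
    return 0;
}
```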
How to fix CVE-2006-1526
To remediate CVE-2006-1526, upgrade the affected package to the fixed version listed below.
- Debian/xorg-server—upgrade to 1:1.0.2-8 or later
Is CVE-2006-1526 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:1.0.2-8