CVE-2006-1526

Publication date 2 May 2006

Last updated 24 July 2024

Ubuntu priority

Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
xorg	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected
xorg-server	7.04 feisty	Fixed 1.2.0-3ubuntu8
	6.10 edgy	Fixed 1.1.1-0ubuntu12.2
	6.06 LTS dapper	Fixed 1.0.2-0ubuntu10.7

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-280-1
X.org server vulnerability
4 May 2006

Other references

https://www.cve.org/CVERecord?id=CVE-2006-1526