CVE-2010-1166

Published: 29 April 2010

The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition.

Priority

Status

Package	Release	Status
xorg-server Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	hardy	Released (2:1.4.1~git20080131-1ubuntu9.3)
	jaunty	Released (2:1.6.0-0ubuntu14.2)
	karmic	Released (2:1.6.4-2ubuntu4.3)
	lucid	Not vulnerable
	upstream	Released
	Patches: vendor: http://launchpadlibrarian.net/47954537/112_xaa-fbcomposite-fix-negative-size.patch

References

https://ubuntu.com/security/notices/USN-939-1
https://www.cve.org/CVERecord?id=CVE-2010-1166
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/551193

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›