CVE-2010-1166
First published: Thu Apr 15 2010(Updated: )
A memory corruption flaw was discovered in Xorg X server's Render extension. Problem originally reported as Firefox crashing X server issue was tracked down to an incorrect calculation issue in mod() macro by Olivier Fourdan: <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - Xorg crashes with latest firefox" href="show_bug.cgi?id=495733#c15">https://bugzilla.redhat.com/show_bug.cgi?id=495733#c15</a> This issue could cause mod() to return value greater than its second argument (the divisor), resulting in excessive read and write in Render composite operation, causing heap or video memory corruption.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| X.Org Server | =7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=495733
- http://securitytracker.com/id?1023929
- http://secunia.com/advisories/39650
- http://cgit.freedesktop.org/xorg/xserver/commit/?id=d2f813f7db
- https://bugzilla.redhat.com/show_bug.cgi?id=582601
- https://rhn.redhat.com/errata/RHSA-2010-0382.html
- http://www.vupen.com/english/advisories/2010/1185
- http://secunia.com/advisories/39834
- http://www.ubuntu.com/usn/USN-939-1
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10112
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=495733#c15
- http://cgit.freedesktop.org/xorg/xserver/commit/?id=7c84189ea1
- https://bugs.freedesktop.org/show_bug.cgi?id=3566
Frequently Asked Questions
What is the severity of CVE-2010-1166?
CVE-2010-1166 is considered to have a moderate severity level due to potential crashes caused by memory corruption.
How do I fix CVE-2010-1166?
To fix CVE-2010-1166, upgrade the X.Org server to version 7.1 or later where the vulnerability has been addressed.
What systems are affected by CVE-2010-1166?
CVE-2010-1166 affects X.Org Server version 7.1.
What types of attacks can exploit CVE-2010-1166?
CVE-2010-1166 can be exploited through denial of service attacks that cause the X server to crash.
When was CVE-2010-1166 discovered?
CVE-2010-1166 was discovered in 2010, highlighting a memory corruption flaw in the X.Org X server.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-1166
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/x
- canonical/x.org server
- version/x.org server/7.1