Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "2:1.14.3-3ubuntu3", "binary_name": "xdmx" }, { "binary_version": "2:1.14.3-3ubuntu3", "binary_name": "xdmx-tools" }, { "binary_version": "2:1.14.3-3ubuntu3", "binary_name": "xnest" }, { "binary_version": "2:1.14.3-3ubuntu3", "binary_name": "xserver-common" }, { "binary_version": "2:1.14.3-3ubuntu3", "binary_name": "xserver-xephyr" }, { "binary_version": "2:1.14.3-3ubuntu3", "binary_name": "xserver-xfbdev" }, { "binary_version": "2:1.14.3-3ubuntu3", "binary_name": "xserver-xorg-core" }, { "binary_version": "2:1.14.3-3ubuntu3", "binary_name": "xserver-xorg-core-dbg" }, { "binary_version": "2:1.14.3-3ubuntu3", "binary_name": "xserver-xorg-core-udeb" }, { "binary_version": "2:1.14.3-3ubuntu3", "binary_name": "xserver-xorg-dev" }, { "binary_version": "2:1.14.3-3ubuntu3", "binary_name": "xserver-xorg-xmir" }, { "binary_version": "2:1.14.3-3ubuntu3", "binary_name": "xvfb" } ] }