The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2:1.15.1-0ubuntu2.4", "binary_name": "xdmx" }, { "binary_version": "2:1.15.1-0ubuntu2.4", "binary_name": "xdmx-tools" }, { "binary_version": "2:1.15.1-0ubuntu2.4", "binary_name": "xnest" }, { "binary_version": "2:1.15.1-0ubuntu2.4", "binary_name": "xorg-server-source" }, { "binary_version": "2:1.15.1-0ubuntu2.4", "binary_name": "xserver-common" }, { "binary_version": "2:1.15.1-0ubuntu2.4", "binary_name": "xserver-xephyr" }, { "binary_version": "2:1.15.1-0ubuntu2.4", "binary_name": "xserver-xorg-core" }, { "binary_version": "2:1.15.1-0ubuntu2.4", "binary_name": "xserver-xorg-core-dbg" }, { "binary_version": "2:1.15.1-0ubuntu2.4", "binary_name": "xserver-xorg-core-udeb" }, { "binary_version": "2:1.15.1-0ubuntu2.4", "binary_name": "xserver-xorg-dev" }, { "binary_version": "2:1.15.1-0ubuntu2.4", "binary_name": "xserver-xorg-xmir" }, { "binary_version": "2:1.15.1-0ubuntu2.4", "binary_name": "xvfb" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2:1.16.0-1ubuntu1.2~trusty2", "binary_name": "xorg-server-source-lts-utopic" }, { "binary_version": "2:1.16.0-1ubuntu1.2~trusty2", "binary_name": "xserver-xephyr-lts-utopic" }, { "binary_version": "2:1.16.0-1ubuntu1.2~trusty2", "binary_name": "xserver-xorg-core-lts-utopic" }, { "binary_version": "2:1.16.0-1ubuntu1.2~trusty2", "binary_name": "xserver-xorg-core-lts-utopic-dbg" }, { "binary_version": "2:1.16.0-1ubuntu1.2~trusty2", "binary_name": "xserver-xorg-dev-lts-utopic" }, { "binary_version": "2:1.16.0-1ubuntu1.2~trusty2", "binary_name": "xwayland-lts-utopic" } ] }