CVE-2007-2437

X.org X Window System 7.0-7.2 with Xserver < 1.3.0 - Authenticated Denial of Service via XRender Extension

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2437. PoCs published by Derek Abdine.

AI-analyzed exploit summary This exploit targets a denial-of-service vulnerability in X.Org X Window System Xserver by manipulating trap structures with specific values to crash the server. The code provides predefined trap configurations that trigger the vulnerability when processed by the X server.

Description

The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Derek Abdine · textdoslinux

https://www.exploit-db.com/exploits/29939

View Code ZIP pw:eip

This exploit targets a denial-of-service vulnerability in X.Org X Window System Xserver by manipulating trap structures with specific values to crash the server. The code provides predefined trap configurations that trigger the vulnerability when processed by the X server.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: X.Org X Window System Xserver 1.3.0

No auth needed

Prerequisites: Network access to a vulnerable X server

MITRE ATT&CK