CyberSec.Space Logo
Back to CVE Browser

CVE-2006-6102

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0260%
EPSS Percentile32.78th
PublishedDec 31, 2006
Last ModifiedApr 23, 2026

Vulnerability Description

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.

Affected Platforms (CPE)

πŸ“¦
X.org

X.org

= 6.8.2
πŸ“¦
X.org

X.org

= 6.9.0
πŸ“¦
X.org

X.org

= 7.0
πŸ“¦
X.org

X.org

= 7.1
πŸ“¦
Xfree86 Project

Xfree86 X Server

All versions

References & Advisories

πŸ”— http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-002.txt.asc
πŸ”— http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678
πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=464
πŸ”— http://lists.freedesktop.org/archives/xorg-announce/2007-January/000235.html
πŸ”— http://osvdb.org/32085
πŸ”— http://secunia.com/advisories/23633
πŸ”— http://secunia.com/advisories/23670
πŸ”— http://secunia.com/advisories/23684

Related Vulnerabilities

CVE-2018-59709.8

SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.

CVE-2018-129769.8

In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by...

CVE-2017-177139.8

Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, ...

CVE-2018-10006169.8

ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\m...