CVEブラウザに戻る

CVE-2006-6102

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0260%

EPSS Percentile32.78th

Published2006年12月31日

Last Modified2026年4月23日

Vulnerability Description

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.

Affected Platforms (CPE)

📦

X.org

X.org

= 6.8.2

📦

X.org

X.org

= 6.9.0

📦

X.org

X.org

= 7.0

📦

X.org

X.org

= 7.1

📦

Xfree86 Project

Xfree86 X Server

All versions

References & Advisories

🔗 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-002.txt.asc

🔗 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=464

🔗 http://lists.freedesktop.org/archives/xorg-announce/2007-January/000235.html

🔗 http://osvdb.org/32085

🔗 http://secunia.com/advisories/23633

🔗 http://secunia.com/advisories/23670

🔗 http://secunia.com/advisories/23684

関連する脆弱性情報

CVE-2018-59709.8

SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.

CVE-2018-129769.8

In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by...

CVE-2017-177139.8

Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, ...

CVE-2018-10006169.8

ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\m...