CVE-2010-1166 : The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticate

The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition.

Published 2010-04-29 21:30:00

Updated 2023-02-13 04:17:29

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2010-1166

Probability of exploitation activity in the next 30 days: 1.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-1166

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.1	HIGH	AV:N/AC:H/Au:S/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Network Access Complexity: High Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2010-1166

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-1166

https://bugzilla.redhat.com/show_bug.cgi?id=495733

495733 – Xorg crashes with latest firefox
https://bugzilla.redhat.com/show_bug.cgi?id=582601

582601 – (CVE-2010-1166) CVE-2010-1166 Xorg: X server Render extension memory corruption
http://cgit.freedesktop.org/xorg/xserver/commit/?id=d2f813f7db

xorg/xserver - X server (mirrored from https://gitlab.freedesktop.org/xorg/xserver)
Exploit;Patch
http://www.ubuntu.com/usn/USN-939-1

USN-939-1: X.org vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.vupen.com/english/advisories/2010/1185

Webmail | OVH- OVH

CVEs referencing this url
https://rhn.redhat.com/errata/RHSA-2010-0382.html

RHSA-2010:0382 - Security Advisory - Red Hat Customer Portal
http://securitytracker.com/id?1023929

X.org Xserver mod() Calculation Error Lets Remote Users Execute Arbitrary Code - SecurityTracker
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2010:014

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10112

Repository / Oval Repository

Products affected by CVE-2010-1166

X » X.org » Version: 7.1
cpe:2.3:a:x:x.org:7.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2010-1166

Exploit prediction scoring system (EPSS) score for CVE-2010-1166

CVSS scores for CVE-2010-1166

CWE ids for CVE-2010-1166

References for CVE-2010-1166

Products affected by CVE-2010-1166