Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "xdmx-tools": "2:1.14.3-3ubuntu3", "xnest": "2:1.14.3-3ubuntu3", "xvfb": "2:1.14.3-3ubuntu3", "xdmx": "2:1.14.3-3ubuntu3", "xserver-xorg-core-dbg": "2:1.14.3-3ubuntu3", "xserver-xorg-dev": "2:1.14.3-3ubuntu3", "xserver-xorg-core": "2:1.14.3-3ubuntu3", "xserver-common": "2:1.14.3-3ubuntu3", "xserver-xfbdev": "2:1.14.3-3ubuntu3", "xserver-xorg-core-udeb": "2:1.14.3-3ubuntu3", "xserver-xephyr": "2:1.14.3-3ubuntu3", "xserver-xorg-xmir": "2:1.14.3-3ubuntu3" } ] }