CVE-2006-6102

Description

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.

How to fix CVE-2006-6102

To remediate CVE-2006-6102, upgrade the affected package to a fixed version below.

• Debian/xorg-server—upgrade to 2:1.1.1-15 or later

Is CVE-2006-6102 being exploited?

Moderate — EPSS is 6.4%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 2:1.1.1-15

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-6102