Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
Exploitability
AV:NAC:LAu:NImpact
C:NI:NA:P5/AV:N/AC:L/Au:N/C:N/I:N/A:P