Vulnerability CVE-2007-4990
Published: 2007-10-05   Modified: 2012-02-12

Description:
The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

Type:

CWE-189

 (Numeric Errors)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
X.org -> X font server 

 References:
http://bugs.freedesktop.org/show_bug.cgi?id=12299
http://bugs.gentoo.org/show_bug.cgi?id=194606
http://docs.info.apple.com/article.html?artnum=307562
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01323725
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html
http://security.gentoo.org/glsa/glsa-200710-11.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103114-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200642-1
http://www.mandriva.com/security/advisories?name=MDKSA-2007:210
http://www.novell.com/linux/security/advisories/2007_54_xorg.html
http://www.redhat.com/support/errata/RHSA-2008-0029.html
http://www.redhat.com/support/errata/RHSA-2008-0030.html
http://www.securityfocus.com/archive/1/481432/100/0/threaded
http://www.securityfocus.com/bid/25898
http://www.securitytracker.com/id?1018763
http://www.vupen.com/english/advisories/2007/3337
http://www.vupen.com/english/advisories/2007/3338
http://www.vupen.com/english/advisories/2007/3467
http://www.vupen.com/english/advisories/2008/0149
http://www.vupen.com/english/advisories/2008/0924/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/36920
https://issues.rpath.com/browse/RPL-1756
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11599
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html
Copyright 2024, cxsecurity.com

 

Back to Top