CVE - CVE-2007-1003

CVE-ID
CVE-2007-1003	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
IDEFENSE:20070403 Multiple Vendor X Server XC-MISC Extension Memory Corruption Vulnerability URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=503 BUGTRAQ:20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs URL:http://www.securityfocus.com/archive/1/464686/100/0/threaded BUGTRAQ:20070405 FLEA-2007-0009-1: xorg-x11 freetype URL:http://www.securityfocus.com/archive/1/464816/100/0/threaded MLIST:[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont URL:http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html CONFIRM:http://issues.foresightlinux.org/browse/FL-223 CONFIRM:https://issues.rpath.com/browse/RPL-1213 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm DEBIAN:DSA-1294 URL:http://www.debian.org/security/2007/dsa-1294 GENTOO:GLSA-200705-10 URL:http://security.gentoo.org/glsa/glsa-200705-10.xml MANDRIVA:MDKSA-2007:079 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:079 MANDRIVA:MDKSA-2007:080 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:080 OPENBSD:[3.9] 021: SECURITY FIX: April 4, 2007 URL:http://www.openbsd.org/errata39.html#021_xorg OPENBSD:[4.0] 011: SECURITY FIX: April 4, 2007 URL:http://www.openbsd.org/errata40.html#011_xorg REDHAT:RHSA-2007:0126 URL:http://www.redhat.com/support/errata/RHSA-2007-0126.html REDHAT:RHSA-2007:0125 URL:http://rhn.redhat.com/errata/RHSA-2007-0125.html REDHAT:RHSA-2007:0127 URL:http://www.redhat.com/support/errata/RHSA-2007-0127.html SUNALERT:102886 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1 SUSE:SUSE-SA:2007:027 URL:http://www.novell.com/linux/security/advisories/2007_27_x.html SUSE:SUSE-SR:2008:008 URL:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html UBUNTU:USN-448-1 URL:http://www.ubuntu.com/usn/usn-448-1 BID:23284 URL:http://www.securityfocus.com/bid/23284 BID:23300 URL:http://www.securityfocus.com/bid/23300 OVAL:oval:org.mitre.oval:def:9798 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9798 VUPEN:ADV-2007-1217 URL:http://www.vupen.com/english/advisories/2007/1217 VUPEN:ADV-2007-1548 URL:http://www.vupen.com/english/advisories/2007/1548 OVAL:oval:org.mitre.oval:def:1980 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1980 SECTRACK:1017857 URL:http://www.securitytracker.com/id?1017857 SECUNIA:24741 URL:http://secunia.com/advisories/24741 SECUNIA:24756 URL:http://secunia.com/advisories/24756 SECUNIA:24770 URL:http://secunia.com/advisories/24770 SECUNIA:24745 URL:http://secunia.com/advisories/24745 SECUNIA:24758 URL:http://secunia.com/advisories/24758 SECUNIA:24765 URL:http://secunia.com/advisories/24765 SECUNIA:24771 URL:http://secunia.com/advisories/24771 SECUNIA:24772 URL:http://secunia.com/advisories/24772 SECUNIA:24791 URL:http://secunia.com/advisories/24791 SECUNIA:25004 URL:http://secunia.com/advisories/25004 SECUNIA:25006 URL:http://secunia.com/advisories/25006 SECUNIA:25195 URL:http://secunia.com/advisories/25195 SECUNIA:25216 URL:http://secunia.com/advisories/25216 SECUNIA:25305 URL:http://secunia.com/advisories/25305 SECUNIA:29622 URL:http://secunia.com/advisories/29622 XF:xorg-xcmisc-overflow(33424) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/33424
Assigning CNA
N/A
Date Entry Created
20070216	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070216)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.