CVE - CVE-2007-4990

CVE-ID
CVE-2007-4990	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2008-03-18 URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BID:25898 URL:http://www.securityfocus.com/bid/25898 BUGTRAQ:20071003 rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs URL:http://www.securityfocus.com/archive/1/481432/100/0/threaded CONFIRM:http://bugs.freedesktop.org/show_bug.cgi?id=12299 CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=194606 CONFIRM:http://docs.info.apple.com/article.html?artnum=307562 CONFIRM:https://issues.rpath.com/browse/RPL-1756 FEDORA:FEDORA-2007-4263 URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html GENTOO:GLSA-200710-11 URL:http://security.gentoo.org/glsa/glsa-200710-11.xml HP:HPSBUX02303 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01323725 HP:SSRT071468 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01323725 IDEFENSE:20071002 Multiple Vendor X Font Server Multiple Vulnerabilities URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602 MANDRIVA:MDKSA-2007:210 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:210~~ (Obsolete source) MLIST:[xorg-announce] 20071002 [ANNOUNCE] X.Org security advisory: multiple vulnerabilities in X font server URL:http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html OVAL:oval:org.mitre.oval:def:11599 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11599 REDHAT:RHSA-2008:0029 URL:http://www.redhat.com/support/errata/RHSA-2008-0029.html REDHAT:RHSA-2008:0030 URL:http://www.redhat.com/support/errata/RHSA-2008-0030.html SECTRACK:1018763 URL:http://www.securitytracker.com/id?1018763 SECUNIA:27040 URL:http://secunia.com/advisories/27040 SECUNIA:27052 URL:http://secunia.com/advisories/27052 SECUNIA:27060 URL:http://secunia.com/advisories/27060 SECUNIA:27176 URL:http://secunia.com/advisories/27176 SECUNIA:27228 URL:http://secunia.com/advisories/27228 SECUNIA:27240 URL:http://secunia.com/advisories/27240 SECUNIA:27560 URL:http://secunia.com/advisories/27560 SECUNIA:28004 URL:http://secunia.com/advisories/28004 SECUNIA:28514 URL:http://secunia.com/advisories/28514 SECUNIA:28536 URL:http://secunia.com/advisories/28536 SECUNIA:28542 URL:http://secunia.com/advisories/28542 SECUNIA:29420 URL:http://secunia.com/advisories/29420 SUNALERT:103114 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-103114-1~~ (Obsolete source) SUNALERT:200642 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-200642-1~~ (Obsolete source) SUSE:SUSE-SA:2007:054 URL:http://www.novell.com/linux/security/advisories/2007_54_xorg.html VUPEN:ADV-2007-3337 URL:~~http://www.vupen.com/english/advisories/2007/3337~~ (Obsolete source) VUPEN:ADV-2007-3338 URL:~~http://www.vupen.com/english/advisories/2007/3338~~ (Obsolete source) VUPEN:ADV-2007-3467 URL:~~http://www.vupen.com/english/advisories/2007/3467~~ (Obsolete source) VUPEN:ADV-2008-0149 URL:~~http://www.vupen.com/english/advisories/2008/0149~~ (Obsolete source) VUPEN:ADV-2008-0924 URL:~~http://www.vupen.com/english/advisories/2008/0924/references~~ (Obsolete source) XF:xfs-queryxbitmaps-queryxextents-bo(36920) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/36920
Assigning CNA
MITRE Corporation
Date Record Created
20070919	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070919)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)