Back to search
CVE-2007-4990
Published: Oct 5, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
SUSE-SA:2007:054
vendor-advisory
x_refsource_SUSE
1018763
vdb-entry
x_refsource_SECTRACK
28542
third-party-advisory
x_refsource_SECUNIA
200642
vendor-advisory
x_refsource_SUNALERT
FEDORA-2007-4263
vendor-advisory
x_refsource_FEDORA
20071003 rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
mailing-list
x_refsource_BUGTRAQ
http://bugs.freedesktop.org/show_bug.cgi?id=12299
x_refsource_CONFIRM
28514
third-party-advisory
x_refsource_SECUNIA
27052
third-party-advisory
x_refsource_SECUNIA
20071002 Multiple Vendor X Font Server Multiple Vulnerabilities
third-party-advisory
x_refsource_IDEFENSE
27060
third-party-advisory
x_refsource_SECUNIA
ADV-2008-0924
vdb-entry
x_refsource_VUPEN
HPSBUX02303
vendor-advisory
x_refsource_HP
[xorg-announce] 20071002 [ANNOUNCE] X.Org security advisory: multiple vulnerabilities in X font server
mailing-list
x_refsource_MLIST
RHSA-2008:0029
vendor-advisory
x_refsource_REDHAT
28004
third-party-advisory
x_refsource_SECUNIA
27240
third-party-advisory
x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1756
x_refsource_CONFIRM
29420
third-party-advisory
x_refsource_SECUNIA
27040
third-party-advisory
x_refsource_SECUNIA
APPLE-SA-2008-03-18
vendor-advisory
x_refsource_APPLE
27176
third-party-advisory
x_refsource_SECUNIA
GLSA-200710-11
vendor-advisory
x_refsource_GENTOO
27228
third-party-advisory
x_refsource_SECUNIA
ADV-2007-3467
vdb-entry
x_refsource_VUPEN
RHSA-2008:0030
vendor-advisory
x_refsource_REDHAT
103114
vendor-advisory
x_refsource_SUNALERT
ADV-2008-0149
vdb-entry
x_refsource_VUPEN
MDKSA-2007:210
vendor-advisory
x_refsource_MANDRIVA
25898
vdb-entry
x_refsource_BID
http://bugs.gentoo.org/show_bug.cgi?id=194606
x_refsource_CONFIRM
ADV-2007-3338
vdb-entry
x_refsource_VUPEN
27560
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:11599
vdb-entry
signature
x_refsource_OVAL
http://docs.info.apple.com/article.html?artnum=307562
x_refsource_CONFIRM
ADV-2007-3337
vdb-entry
x_refsource_VUPEN
xfs-queryxbitmaps-queryxextents-bo(36920)
vdb-entry
x_refsource_XF
SSRT071468
vendor-advisory
x_refsource_HP
28536
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now