CVE-2007-4990

HIGH

Description

The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

References

http://bugs.freedesktop.org/show_bug.cgi?id=12299

http://bugs.gentoo.org/show_bug.cgi?id=194606

http://docs.info.apple.com/article.html?artnum=307562

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01323725

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html

http://secunia.com/advisories/27040

http://secunia.com/advisories/27052

http://secunia.com/advisories/27060

http://secunia.com/advisories/27176

http://secunia.com/advisories/27228

http://secunia.com/advisories/27240

http://secunia.com/advisories/27560

http://secunia.com/advisories/28004

http://secunia.com/advisories/28514

http://secunia.com/advisories/28536

http://secunia.com/advisories/28542

http://secunia.com/advisories/29420

http://security.gentoo.org/glsa/glsa-200710-11.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103114-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200642-1

http://www.mandriva.com/security/advisories?name=MDKSA-2007:210

http://www.novell.com/linux/security/advisories/2007_54_xorg.html

http://www.redhat.com/support/errata/RHSA-2008-0029.html

http://www.redhat.com/support/errata/RHSA-2008-0030.html

http://www.securityfocus.com/archive/1/481432/100/0/threaded

http://www.securityfocus.com/bid/25898

http://www.securitytracker.com/id?1018763

http://www.vupen.com/english/advisories/2007/3337

http://www.vupen.com/english/advisories/2007/3338

http://www.vupen.com/english/advisories/2007/3467

http://www.vupen.com/english/advisories/2008/0149

http://www.vupen.com/english/advisories/2008/0924/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/36920

https://issues.rpath.com/browse/RPL-1756

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11599

https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html

Details

Source: MITRE

Published: 2007-10-05

Updated: 2018-10-15

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH