CVE-2007-4990 Information

Feb 14, 2021 cve

Description

The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap which triggers heap corruption.

Reference

http://bugs.freedesktop.org/show_bug.cgi?id=12299 http://bugs.gentoo.org/show_bug.cgi?id=194606 http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01323725 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html http://secunia.com/advisories/27040 http://secunia.com/advisories/27052 http://secunia.com/advisories/27060 http://secunia.com/advisories/27176 http://secunia.com/advisories/27228 http://secunia.com/advisories/27240 http://secunia.com/advisories/27560 http://secunia.com/advisories/28004 http://secunia.com/advisories/28514 http://secunia.com/advisories/28536 http://secunia.com/advisories/28542 http://secunia.com/advisories/29420 http://security.gentoo.org/glsa/glsa-200710-11.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-103114-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200642-1 http://www.mandriva.com/security/advisories?name=MDKSA-2007:210 http://www.novell.com/linux/security/advisories/2007_54_xorg.html http://www.redhat.com/support/errata/RHSA-2008-0029.html http://www.redhat.com/support/errata/RHSA-2008-0030.html http://www.securityfocus.com/archive/1/481432/100/0/threaded http://www.securityfocus.com/bid/25898 http://www.securitytracker.com/id?1018763 http://www.vupen.com/english/advisories/2007/3337 http://www.vupen.com/english/advisories/2007/3338 http://www.vupen.com/english/advisories/2007/3467 http://www.vupen.com/english/advisories/2008/0149 http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/36920 https://issues.rpath.com/browse/RPL-1756 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11599 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html

Share on: