Integer Overflow in X.Org X Font Server Affects Multiple Platforms
CVE-2007-4568

Currently unrated

Key Information:

Vendor: X.org

CVE Published: 5 October 2007

What is CVE-2007-4568?

CVE-2007-4568 is an integer overflow in the build_range function of X.Org's X Font Server (xfs) prior to version 1.0.5. QueryXBitmaps and QueryXExtents requests carrying manipulated size values trigger the overflow, which results in a heap-based buffer overflow. Context-dependent attackers can exploit this flaw to execute arbitrary code, potentially compromising the integrity of the affected systems.

EPSS Score

24% chance of being exploited in the next 30 days.
