Heap Corruption in X.Org X Font Server Affects Multiple Versions
CVE-2007-4990

Currently unrated

Key Information:

Vendor: X.org
Status: X Font Server
Vendor: CVE Published:; 5 October 2007

What is CVE-2007-4990?

The swap_char2b function in the X.Org X Font Server prior to version 1.0.5 is vulnerable to heap corruption. This vulnerability can be exploited by sophisticated attackers sending crafted QueryXBitmaps and QueryXExtents protocol requests, with manipulated size values. Such exploits can lead to arbitrary code execution in the context of the server, potentially allowing attackers to execute malicious code remotely and compromise system integrity.

References

http://www.novell.com/linux/security/advisories/2007_54_x...

vendor-advisoryx_refsource_SUSE

http://www.securitytracker.com/id?1018763

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/28542

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 5, 2007
Vulnerability Reserved
Sep 19, 2007

X.org

What is CVE-2007-4990?

References

Timeline