Information Disclosure in X.Org Xserver's TOG-CUP Extension
CVE-2007-6428

Currently unrated

Key Information:

Vendor: X.org
Status: Xserver; Tog-cup
Vendor: CVE Published:; 18 January 2008

What is CVE-2007-6428?

The ProcGetReservedColormapEntries function in the TOG-CUP extension of the X.Org Xserver before version 1.4.1 contains a flaw that allows context-dependent attackers to read from arbitrary memory locations. This issue arises from an improper use of a 32-bit value as an array index within a request. Exploiting this vulnerability can lead to unauthorized access to sensitive information stored in memory.

References

http://secunia.com/advisories/28542

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/29139

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/27336

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 18, 2008
Vulnerability Reserved
Dec 18, 2007

X.org

What is CVE-2007-6428?

References

Timeline