Vulnerability Details : CVE-2007-4990
The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
Vulnerability category: Execute code
Products affected by CVE-2007-4990
- cpe:2.3:a:x.org:x_font_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-4990
3.48%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-4990
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2007-4990
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2007-4990
-
Red Hat 2007-10-08Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4990 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
References for CVE-2007-4990
-
http://www.vupen.com/english/advisories/2007/3338
-
http://www.securitytracker.com/id?1018763
-
http://security.gentoo.org/glsa/glsa-200710-11.xml
-
https://issues.rpath.com/browse/RPL-1756
-
http://www.novell.com/linux/security/advisories/2007_54_xorg.html
404 Page Not Found | SUSE
-
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200642-1
-
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:210
-
http://www.vupen.com/english/advisories/2008/0149
-
http://www.vupen.com/english/advisories/2007/3337
-
http://www.vupen.com/english/advisories/2007/3467
-
http://bugs.gentoo.org/show_bug.cgi?id=194606
-
http://bugs.freedesktop.org/show_bug.cgi?id=12299
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01323725
-
http://docs.info.apple.com/article.html?artnum=307562
-
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11599
-
http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/36920
-
http://www.securityfocus.com/bid/25898
-
http://www.redhat.com/support/errata/RHSA-2008-0029.html
Support
-
http://www.securityfocus.com/archive/1/481432/100/0/threaded
-
http://www.redhat.com/support/errata/RHSA-2008-0030.html
Support
-
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103114-1
-
http://www.vupen.com/english/advisories/2008/0924/references
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Jump to