CVE-2007-6429 : Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent

Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.

Published 2008-01-18 23:00:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2007-6429

X.org » Xserver
Versions up to, including, (<=) 1.4
cpe:2.3:a:x.org:xserver:*:*:*:*:*:*:*:*
Matching versions
X.org » EVI
cpe:2.3:a:x.org:evi:*:*:*:*:*:*:*:*
Matching versions
X.org » Mit-shm
cpe:2.3:a:x.org:mit-shm:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-6429

EPSS FAQ

2.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 83 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-6429

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2007-6429

CWE-189

Assigned by: nvd@nist.gov (Primary)
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-6429

https://issues.rpath.com/browse/RPL-2010

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2008:022

Mandriva

CVEs referencing this url
http://bugs.gentoo.org/show_bug.cgi?id=204362

204362 – x11-base/xorg-server|x11-libs/libXfont Multiple vulnerabilities (CVE-2007-{5760,5958,6427,6428,6429}CVE-2008-0006)

CVEs referencing this url
http://secunia.com/advisories/32545

About Secunia Research | Flexera

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/0497/references

Site en construction

CVEs referencing this url
http://secunia.com/advisories/28550

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/28885

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/28273

About Secunia Research | Flexera

CVEs referencing this url
http://www.securityfocus.com/bid/27336

Patch

CVEs referencing this url
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html

modular -> monolithic
Patch

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1

CVEs referencing this url
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml

Linux Terminal Server Project: Multiple vulnerabilities (GLSA 200805-07) — Gentoo security

CVEs referencing this url
http://secunia.com/advisories/28542

About Secunia Research | Flexera

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html

[security-announce] SUSE Security Announcement: Xorg and XFree (SUSE-SA:2008:003) - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/0184

Site en construction

CVEs referencing this url
http://securitytracker.com/id?1019232

GoDaddy Domain Name Search

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2008:023

Mandriva

CVEs referencing this url
http://secunia.com/advisories/29420

About Secunia Research | Flexera

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

CVEs referencing this url
http://secunia.com/advisories/28941

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/28843

About Secunia Research | Flexera

CVEs referencing this url
http://support.avaya.com/elmodocs2/security/ASA-2008-039.htm

ASA-2008-039 (SUN 103200)

CVEs referencing this url
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities

404 Not Found

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/0179

Site en construction

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/39764

X.Org X11 MIT-SHM extension integer overflow CVE-2007-6429 Vulnerability Report
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html

[security-announce] SUSE Security Summary Report SUSE-SR:2008:08 - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
http://secunia.com/advisories/29707

About Secunia Research | Flexera

CVEs referencing this url
http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm

ASA-2008-078 (SUN 200153, Previous, ID:, 103200)

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1

Patch

CVEs referencing this url
http://secunia.com/advisories/28536

About Secunia Research | Flexera

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/0703

Site en construction

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200804-05.xml

NX: User-assisted execution of arbitrary code (GLSA 200804-05) — Gentoo security

CVEs referencing this url
http://www.securityfocus.com/bid/27353
http://security.gentoo.org/glsa/glsa-200801-09.xml

X.Org X server and Xfont library: Multiple vulnerabilities (GLSA 200801-09) — Gentoo security

CVEs referencing this url
https://usn.ubuntu.com/571-1/

404: Page not found | Ubuntu

CVEs referencing this url
http://secunia.com/advisories/28592

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/29139

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/30161

About Secunia Research | Flexera

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2008-0031.html

Support

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

[security-announce] SUSE Security Summary Report SUSE-SR:2008:003 - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html

[SECURITY] Fedora 7 Update: xorg-x11-server-1.3.0.0-15.fc7

CVEs referencing this url
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=645
http://docs.info.apple.com/article.html?artnum=307562

CVEs referencing this url
http://secunia.com/advisories/28540

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/28838

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/28616

About Secunia Research | Flexera

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2008:021

Mandriva

CVEs referencing this url
http://secunia.com/advisories/28535

About Secunia Research | Flexera

CVEs referencing this url
http://www.debian.org/security/2008/dsa-1466

Debian -- The Universal Operating System

CVEs referencing this url
http://www.securityfocus.com/archive/1/487335/100/0/threaded

CVEs referencing this url
http://secunia.com/advisories/28543

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/28693

About Secunia Research | Flexera

CVEs referencing this url
http://www.openbsd.org/errata42.html#006_xorg

OpenBSD 4.2 Errata

CVEs referencing this url
http://secunia.com/advisories/28539

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/28532

About Secunia Research | Flexera

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2008-0029.html

Support

CVEs referencing this url
http://secunia.com/advisories/29622

About Secunia Research | Flexera

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/3000

Site en construction

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11045

404 Not Found
https://exchange.xforce.ibmcloud.com/vulnerabilities/39763

X.Org X11 EVI extension buffer overflow CVE-2007-6429 Vulnerability Report
http://secunia.com/advisories/28718

About Secunia Research | Flexera

CVEs referencing this url
http://www.securityfocus.com/bid/27350
http://secunia.com/advisories/28584

About Secunia Research | Flexera

CVEs referencing this url
http://www.openbsd.org/errata41.html#012_xorg

OpenBSD 4.1 Errata

CVEs referencing this url
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2008-0030.html

Support

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2008:025

Mandriva

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/0924/references

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html

[SECURITY] Fedora 8 Update: xorg-x11-server-1.3.0.0-39.fc8

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2007-6429

Products affected by CVE-2007-6429

Exploit prediction scoring system (EPSS) score for CVE-2007-6429

CVSS scores for CVE-2007-6429

CWE ids for CVE-2007-6429

References for CVE-2007-6429