Vulnerability Description
The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| X.Org | X Font Server | <= 1.0.4 |
Related Weaknesses (CWE)
References
- http://bugs.freedesktop.org/show_bug.cgi?id=12299
- http://bugs.gentoo.org/show_bug.cgi?id=194606
- http://docs.info.apple.com/article.html?artnum=307562
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01323725
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html
- http://secunia.com/advisories/27040
- http://secunia.com/advisories/27052
- http://secunia.com/advisories/27060
- http://secunia.com/advisories/27176
- http://secunia.com/advisories/27228
- http://secunia.com/advisories/27240
- http://secunia.com/advisories/27560
- http://secunia.com/advisories/28004
FAQ
What is CVE-2007-4990?
CVE-2007-4990 is a vulnerability with a CVSS score of 7.5 (HIGH). The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with craft...
How severe is CVE-2007-4990?
CVE-2007-4990 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4990?
Check the references section above for vendor advisories and patch information. Affected products include: X.Org X Font Server.