CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4990 – xfs heap overflow in the swap_char2b function
https://notcve.org/view.php?id=CVE-2007-4990
05 Oct 2007 — The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. La función swap_char2b de X.Org X Font Server (xfs) anterior a 1.0.5 permite a atacantes locales o remotos (dependiendo del contexto) ejecutar código de su elección mediante peticiones de protocol... • http://bugs.freedesktop.org/show_bug.cgi?id=12299 • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 2%CPEs: 5EXPL: 0CVE-2006-6102
https://notcve.org/view.php?id=CVE-2006-6102
31 Dec 2006 — Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. Desbordamiento de enteros en la función ProcDbeGetVisualInfo en la extensión DBE para el X.Org 6.8.2, 6.9.0, 7.0 y 7.1, y XFree86 X server, permite a usuarios locales la ejecución de código de su elección a través de ... • http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-002.txt.asc •