CVE-2007-4990
xfs heap overflow in the swap_char2b function
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
La función swap_char2b de X.Org X Font Server (xfs) anterior a 1.0.5 permite a atacantes locales o remotos (dependiendo del contexto) ejecutar código de su elección mediante peticiones de protocolo (1) QueryXBitmaps y (2) QueryXExtents con valores de tamaño manipulados que especifican un número arbitrario de bytes para ser intercambiados en el montículo, lo que produce una corrupción del montículo.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-09-19 CVE Reserved
- 2007-10-05 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-189: Numeric Errors
CAPEC
References (40)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
X.org Search vendor "X.org" | X Font Server Search vendor "X.org" for product "X Font Server" | <= 1.0.4 Search vendor "X.org" for product "X Font Server" and version " <= 1.0.4" | - |
Affected
|