// For flags

CVE-2007-5760

xorg: invalid array indexing in XFree86-Misc extension

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.

Error de índice de Array en la extensión XFree86-Misc de X.Org Xserver versiones anteriores a 1.4.1 permite a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante una petición PassMessage conteniendo un índice de array largo.

Local exploitation of an invalid array index vulnerability in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the X server, typically root. The vulnerability exists within the XFree86-Misc extension. When processing a request, a 32-bit value from the client's request is used as an index into an array of structures. This structure contains an array of function pointers, one of which is used later in the request handling. By supplying a large array index, an arbitrary function pointer can be dereferenced. This results in the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in X.org X11 version R7.3. Previous versions may also be affected.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-10-31 CVE Reserved
  • 2008-01-18 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (52)
URL Tag Source
http://bugs.gentoo.org/show_bug.cgi?id=204362 X_refsource_confirm
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=646 Third Party Advisory
http://secunia.com/advisories/28273 Third Party Advisory
http://secunia.com/advisories/28532 Third Party Advisory
http://secunia.com/advisories/28535 Third Party Advisory
http://secunia.com/advisories/28536 Third Party Advisory
http://secunia.com/advisories/28539 Third Party Advisory
http://secunia.com/advisories/28540 Third Party Advisory
http://secunia.com/advisories/28543 Third Party Advisory
http://secunia.com/advisories/28550 Third Party Advisory
http://secunia.com/advisories/28584 Third Party Advisory
http://secunia.com/advisories/28592 Third Party Advisory
http://secunia.com/advisories/28616 Third Party Advisory
http://secunia.com/advisories/28693 Third Party Advisory
http://secunia.com/advisories/28718 Third Party Advisory
http://secunia.com/advisories/28843 Third Party Advisory
http://secunia.com/advisories/28885 Third Party Advisory
http://secunia.com/advisories/28941 Third Party Advisory
http://secunia.com/advisories/29707 Third Party Advisory
http://secunia.com/advisories/30161 Third Party Advisory
http://securitytracker.com/id?1019232 Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2008-039.htm X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm X_refsource_confirm
http://www.securityfocus.com/archive/1/487335/100/0/threaded Mailing List
http://www.securityfocus.com/bid/27354 Vdb Entry
http://www.vupen.com/english/advisories/2008/0179 Vdb Entry
http://www.vupen.com/english/advisories/2008/0184 Vdb Entry
http://www.vupen.com/english/advisories/2008/0497/references Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/39766 Vdb Entry
https://issues.rpath.com/browse/RPL-2010 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11718 Signature
URL Date SRC
URL Date SRC
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html 2018-10-15
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1 2018-10-15
http://www.securityfocus.com/bid/27336 2018-10-15
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html 2018-10-15
http://security.gentoo.org/glsa/glsa-200801-09.xml 2018-10-15
http://security.gentoo.org/glsa/glsa-200804-05.xml 2018-10-15
http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1 2018-10-15
http://www.debian.org/security/2008/dsa-1466 2018-10-15
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml 2018-10-15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:022 2018-10-15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:023 2018-10-15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:025 2018-10-15
http://www.openbsd.org/errata41.html#012_xorg 2018-10-15
http://www.openbsd.org/errata42.html#006_xorg 2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0030.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0031.html 2018-10-15
https://usn.ubuntu.com/571-1 2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html 2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html 2018-10-15
https://access.redhat.com/security/cve/CVE-2007-5760 2008-01-17
https://bugzilla.redhat.com/show_bug.cgi?id=414031 2008-01-17
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
X.org
Search vendor "X.org"
 Xserver
Search vendor "X.org" for product "Xserver"
 <= 1.4
Search vendor "X.org" for product "Xserver" and version " <= 1.4"
-
Affected
Xfree86 Project
Search vendor "Xfree86 Project"
 Xfree86-misc
Search vendor "Xfree86 Project" for product "Xfree86-misc"
*-
Affected