7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.032 Low
EPSS
Percentile
91.1%
The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
CPE | Name | Operator | Version |
---|---|---|---|
x.org:x_font_server | x.org x font server | le | 1.0.4 |
bugs.freedesktop.org/show_bug.cgi?id=12299
bugs.gentoo.org/show_bug.cgi?id=194606
docs.info.apple.com/article.html?artnum=307562
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01323725
labs.idefense.com/intelligence/vulnerabilities/display.php?id=602
lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html
secunia.com/advisories/27040
secunia.com/advisories/27052
secunia.com/advisories/27060
secunia.com/advisories/27176
secunia.com/advisories/27228
secunia.com/advisories/27240
secunia.com/advisories/27560
secunia.com/advisories/28004
secunia.com/advisories/28514
secunia.com/advisories/28536
secunia.com/advisories/28542
secunia.com/advisories/29420
security.gentoo.org/glsa/glsa-200710-11.xml
sunsolve.sun.com/search/document.do?assetkey=1-26-103114-1
sunsolve.sun.com/search/document.do?assetkey=1-66-200642-1
www.mandriva.com/security/advisories?name=MDKSA-2007:210
www.novell.com/linux/security/advisories/2007_54_xorg.html
www.redhat.com/support/errata/RHSA-2008-0029.html
www.redhat.com/support/errata/RHSA-2008-0030.html
www.securityfocus.com/archive/1/481432/100/0/threaded
www.securityfocus.com/bid/25898
www.securitytracker.com/id?1018763
www.vupen.com/english/advisories/2007/3337
www.vupen.com/english/advisories/2007/3338
www.vupen.com/english/advisories/2007/3467
www.vupen.com/english/advisories/2008/0149
www.vupen.com/english/advisories/2008/0924/references
exchange.xforce.ibmcloud.com/vulnerabilities/36920
issues.rpath.com/browse/RPL-1756
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11599
www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html