Lucene search

PRIOn knowledge basePRION:CVE-2007-4990

HistoryOct 05, 2007 - 9:17 p.m.

Heap overflow

2007-10-0521:17:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

90.9%

JSON

The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

CPENameOperatorVersion
x_font_serverle1.0.4

CPE	Name	Operator	Version
	x_font_server	le	1.0.4

References

bugs.freedesktop.org/show_bug.cgi?id=12299

bugs.gentoo.org/show_bug.cgi?id=194606

docs.info.apple.com/article.html?artnum=307562

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01323725

labs.idefense.com/intelligence/vulnerabilities/display.php?id=602

lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html

secunia.com/advisories/27040

secunia.com/advisories/27052

secunia.com/advisories/27060

secunia.com/advisories/27176

secunia.com/advisories/27228

secunia.com/advisories/27240

secunia.com/advisories/27560

secunia.com/advisories/28004

secunia.com/advisories/28514

secunia.com/advisories/28536

secunia.com/advisories/28542

secunia.com/advisories/29420

security.gentoo.org/glsa/glsa-200710-11.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-103114-1

sunsolve.sun.com/search/document.do?assetkey=1-66-200642-1

www.mandriva.com/security/advisories?name=MDKSA-2007:210

www.novell.com/linux/security/advisories/2007_54_xorg.html

www.redhat.com/support/errata/RHSA-2008-0029.html

www.redhat.com/support/errata/RHSA-2008-0030.html

www.securityfocus.com/archive/1/481432/100/0/threaded

www.securityfocus.com/bid/25898

www.securitytracker.com/id?1018763

www.vupen.com/english/advisories/2007/3337

www.vupen.com/english/advisories/2007/3338

www.vupen.com/english/advisories/2007/3467

www.vupen.com/english/advisories/2008/0149

www.vupen.com/english/advisories/2008/0924/references

exchange.xforce.ibmcloud.com/vulnerabilities/36920

issues.rpath.com/browse/RPL-1756

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11599

www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

90.9%

JSON

Related for PRION:CVE-2007-4990