Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2007-4990
HistoryOct 05, 2007 - 12:00 a.m.

CVE-2007-4990

2007-10-0500:00:00
ubuntu.com
ubuntu.com
9

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.1%

JSON

The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows
context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps
and (2) QueryXExtents protocol requests with crafted size values that
specify an arbitrary number of bytes to be swapped on the heap, which
triggers heap corruption.

Notes

Author Note
jdstrand runs as root

Related

nessus 16
openvas 24
prion 2
cve 2
canvas 1
osv 1
debiancve 1
ubuntucve 1
fedora 1
securityvulns 1
gentoo 1
suse 1
centos 3
redhat 2
oraclelinux 1
nessus
nessus
HP-UX PHSS_37225 : HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code (HPSBUX02303 SSRT071468 rev.1)
2008-01-22 00:00:00
HP-UX PHSS_37226 : HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code (HPSBUX02303 SSRT071468 rev.1)
2008-01-22 00:00:00
HP-UX PHSS_37224 : HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code (HPSBUX02303 SSRT071468 rev.1)
2008-01-22 00:00:00
openvas
openvas
HP-UX Update for X Font Server (xfs) Software HPSBUX02303
2009-05-05 00:00:00
HP-UX Update for X Font Server (xfs) Software HPSBUX02303
2009-05-05 00:00:00
Mandriva Update for xfs MDKSA-2007:210 (xfs)
2009-04-09 00:00:00
prion
prion
Heap overflow
2007-10-05 21:17:00
Design/Logic Flaw
2008-01-18 23:00:00
cve
cve
CVE-2007-4990
2007-10-05 21:17:00
CVE-2007-6427
2008-01-18 23:00:00
canvas
canvas
Immunity Canvas: XFS_SWAPCHAR2B
2007-10-05 21:17:00
osv
osv
xfs
2007-10-09 00:00:00
debiancve
debiancve
CVE-2007-6427
2008-01-18 23:00:00
ubuntucve
ubuntucve
CVE-2007-6427
2008-01-18 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: xorg-x11-xfs-1.0.5-1.fc7
2007-12-11 00:51:18
securityvulns
securityvulns
X11 X Font Server integer overflow
2007-10-04 00:00:00
gentoo
gentoo
X Font Server: Multiple Vulnerabilities
2007-10-12 00:00:00
suse
suse
local privilege escalation in XOrg
2007-10-12 16:41:18
centos
centos
XFree86 security update
2008-01-18 15:04:04
XFree86 security update
2008-01-20 22:56:55
xorg security update
2008-01-18 01:10:07
redhat
redhat
(RHSA-2008:0029) Important: XFree86 security update
2008-01-18 00:00:00
(RHSA-2008:0030) Important: xorg-x11 security update
2008-01-17 00:00:00
oraclelinux
oraclelinux
Important: xorg-x11 security update
2008-01-17 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.1%

JSON
Related for UB:CVE-2007-4990
nessus16openvas24prion2cve2canvas1osv1debiancve1ubuntucve1fedora1securityvulns1gentoo1suse1centos3redhat2oraclelinux1