Published: 05/10/2007 Updated: 15/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Subscribe to X Font Server

The swap_char2b function in X.Org X Font Server (xfs) prior to 1.0.5 allows context-dependent malicious users to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

Vulnerable Product	Search on Vulmon	Subscribe to Product
x.org x font server

CWE-189 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602 http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html https://issues.rpath.com/browse/RPL-1756 http://bugs.freedesktop.org/show_bug.cgi?id=12299 http://bugs.gentoo.org/show_bug.cgi?id=194606 http://security.gentoo.org/glsa/glsa-200710-11.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:210 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103114-1 http://www.novell.com/linux/security/advisories/2007_54_xorg.html http://www.securityfocus.com/bid/25898 http://www.securitytracker.com/id?1018763 http://secunia.com/advisories/27040 http://secunia.com/advisories/27052 http://secunia.com/advisories/27060 http://secunia.com/advisories/27176 http://secunia.com/advisories/27240 http://secunia.com/advisories/27560 http://secunia.com/advisories/27228 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html http://secunia.com/advisories/28004 http://secunia.com/advisories/28514 http://www.redhat.com/support/errata/RHSA-2008-0029.html http://www.redhat.com/support/errata/RHSA-2008-0030.html http://secunia.com/advisories/28536 http://secunia.com/advisories/28542 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200642-1 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.vupen.com/english/advisories/2007/3338 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01323725 http://www.vupen.com/english/advisories/2008/0149 http://www.vupen.com/english/advisories/2007/3337 http://www.vupen.com/english/advisories/2008/0924/references http://www.vupen.com/english/advisories/2007/3467 https://exchange.xforce.ibmcloud.com/vulnerabilities/36920 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11599 http://www.securityfocus.com/archive/1/481432/100/0/threaded https://nvd.nist.gov

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook