Vulnerability Details : CVE-2007-4990
The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2007-4990
Probability of exploitation activity in the next 30 days: 3.19%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2007-4990
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2007-4990
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2007-4990
-
Red Hat 2007-10-08Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4990 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
- http://www.vupen.com/english/advisories/2007/3338
- http://www.securitytracker.com/id?1018763
- http://security.gentoo.org/glsa/glsa-200710-11.xml
- https://issues.rpath.com/browse/RPL-1756
- http://www.novell.com/linux/security/advisories/2007_54_xorg.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200642-1
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:210
-
http://www.vupen.com/english/advisories/2008/0149
- http://www.vupen.com/english/advisories/2007/3337
- http://www.vupen.com/english/advisories/2007/3467
- http://bugs.gentoo.org/show_bug.cgi?id=194606
-
http://bugs.freedesktop.org/show_bug.cgi?id=12299
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01323725
- http://docs.info.apple.com/article.html?artnum=307562
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11599
- http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/36920
- http://www.securityfocus.com/bid/25898
- http://www.redhat.com/support/errata/RHSA-2008-0029.html
- http://www.securityfocus.com/archive/1/481432/100/0/threaded
- http://www.redhat.com/support/errata/RHSA-2008-0030.html
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103114-1
-
http://www.vupen.com/english/advisories/2008/0924/references
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
- cpe:2.3:a:x.org:x_font_server:*:*:*:*:*:*:*:*