Candidate: CVE-2007-6429
References:
 https://bugs.freedesktop.org/attachment.cgi?id=13300 (testcase for 13519)
 https://bugs.freedesktop.org/attachment.cgi?id=13581 (patch for 13519)
 https://bugs.freedesktop.org/attachment.cgi?id=13178 (testcase for 13520)
 https://bugs.freedesktop.org/attachment.cgi?id=13099 (patch for 13520)
 https://ubuntu.com/security/notices/USN-571-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6429
PublicDate: 2008-01-18 23:00:00 UTC
Description:
 Multiple integer overflows in X.Org Xserver before 1.4.1 allow
 context-dependent attackers to execute arbitrary code via (1) a
 GetVisualInfo request containing a 32-bit value that is improperly used to
 calculate an amount of memory for allocation by the EVI extension, or (2) a
 request containing values related to pixmap size that are improperly used
 in management of shared memory by the MIT-SHM extension.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.freedesktop.org/show_bug.cgi?id=13519
 https://bugs.freedesktop.org/show_bug.cgi?id=13520
Priority: medium
Discovered-by:
Assigned-to: kees
CVSS:

upstream_xorg-server: pending
dapper_xorg-server: released (1:1.0.2-0ubuntu10.8)
edgy_xorg-server: released (1:1.1.1-0ubuntu12.3)
feisty_xorg-server: released (2:1.2.0-3ubuntu8.1)
gutsy_xorg-server: released (2:1.3.0.0.dfsg-12ubuntu8.1)
devel_xorg-server: released (2:1.4.1~git20080105-1ubuntu2)