CVE-2007-4568

Publication date 5 October 2007

Last updated 24 July 2024

Ubuntu priority

Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
xfs	9.10 karmic	Fixed 1:1.0.4-2ubuntu1
	9.04 jaunty	Fixed 1:1.0.4-2ubuntu1
	8.10 intrepid	Fixed 1:1.0.4-2ubuntu1
	8.04 LTS hardy	Fixed 1:1.0.4-2ubuntu1
	7.10 gutsy	Fixed 1:1.0.4-2ubuntu1
	7.04 feisty	Ignored end of life, was needed
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?

Notes

kees

sarge:4.3.0.dfsg.1-14sarge5, etch:1.0.1-7, unstable:1.0.5-1

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-4568