CVE-2007-6429
Published: 18 January 2008
Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.
Priority
Status
Package | Release | Status |
---|---|---|
xorg-server (Launchpad, Ubuntu, Debian) | upstream | Pending |
xorg-server | dapper | Released (1:1.0.2-0ubuntu10.8) |
xorg-server | edgy | Released (1:1.1.1-0ubuntu12.3) |
xorg-server | feisty | Released (2:1.2.0-3ubuntu8.1) |
xorg-server | gutsy | Released (2:1.3.0.0.dfsg-12ubuntu8.1) |
References
- https://bugs.freedesktop.org/attachment.cgi?id=13300 (testcase for 13519)
- https://bugs.freedesktop.org/attachment.cgi?id=13581 (patch for 13519)
- https://bugs.freedesktop.org/attachment.cgi?id=13178 (testcase for 13520)
- https://bugs.freedesktop.org/attachment.cgi?id=13099 (patch for 13520)
- https://ubuntu.com/security/notices/USN-571-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6429
- NVD
- Launchpad
- Debian