Computer Security
[EN] securityvulns.ru no-pyccku


Multiple vulnerabilities in X.Org X11 server
Published:04.04.2007
Source:
SecurityVulns ID:7531
Type:local
Threat Level:
7/10
Description:Multiple inteer overflows and memory corruptions.
Affected:TIGHTVNC : tightvnc 1.2
 FREETYPE : freetype 2.2
 XORG : X11 7.1
CVE:CVE-2007-2437 (The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.)
 CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.)
 CVE-2007-1351 (Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.)
 CVE-2007-1003 (Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.)
Original documentdocumentIDEFENSE, [Full-disclosure] iDefense Security Advisory 04.03.07: Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability (04.04.2007)
 documentIDEFENSE, [Full-disclosure] iDefense Security Advisory 04.03.07: Multiple Vendor X Server fonts.dir File Parsing Integer Overflow Vulnerability (04.04.2007)
 documentIDEFENSE, [Full-disclosure] iDefense Security Advisory 04.03.07: Multiple Vendor X Server XC-MISC Extension Memory Corruption Vulnerability (04.04.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod