FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-4568

This CVE name corresponds to:

Entered	Topic
2007-10-08	xfs -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-4568 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2007-4568
Phase	Assigned(20070828)

Description

Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.

References

Source	Reference
IDEFENSE	20071002 Multiple Vendor X Font Server Multiple Vulnerabilities
BUGTRAQ	20071003 rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
MLIST	[xorg-announce] 20071002 [ANNOUNCE] X.Org security advisory: multiple vulnerabilities in X font server
CONFIRM	https://issues.rpath.com/browse/RPL-1756
CONFIRM	http://bugs.freedesktop.org/show_bug.cgi?id=12298
CONFIRM	http://bugs.gentoo.org/show_bug.cgi?id=194606
CONFIRM	http://docs.info.apple.com/article.html?artnum=307430
CONFIRM	http://docs.info.apple.com/article.html?artnum=307562
APPLE	APPLE-SA-2008-02-11
APPLE	APPLE-SA-2008-03-18
DEBIAN	DSA-1385
FEDORA	FEDORA-2007-4263
GENTOO	GLSA-200710-11
MANDRIVA	MDKSA-2007:210
REDHAT	RHSA-2008:0029
REDHAT	RHSA-2008:0030
SUNALERT	103114
SUNALERT	200642
SUSE	SUSE-SA:2007:054
CERT	TA08-043B
BID	25898
OVAL	oval:org.mitre.oval:def:10882
VUPEN	ADV-2007-3337
VUPEN	ADV-2007-3338
VUPEN	ADV-2007-3467
VUPEN	ADV-2008-0495
VUPEN	ADV-2008-0924
SECTRACK	1018763
SECUNIA	27040
SECUNIA	27052
SECUNIA	27060
SECUNIA	27168
SECUNIA	27176
SECUNIA	27240
SECUNIA	27560
SECUNIA	27228
SECUNIA	28004
SECUNIA	28536
SECUNIA	28542
SECUNIA	28891
SECUNIA	29420
XF	xfs-protocol-requests-bo(36919)