LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

XFree86 X.org: integer overflows

Package(s):xfree86 x.org CVE #(s):CVE-2007-1003 CVE-2007-1667 CVE-2007-1351 CVE-2007-1352
Created:April 3, 2007 Updated:August 11, 2009
Description: iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-1003)

iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352)

An integer overflow flaw was found in the XFree86 XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667)

Alerts:
Debian DSA-1858-1 2009-08-10
SuSE SUSE-SR:2008:008 2008-04-04
Debian DSA-1454-1 2008-01-07
Debian DSA-1294-1 2007-05-17
Gentoo 200705-10 2007-05-08
Gentoo 200705-06 2007-05-05
Gentoo 200705-02 2007-05-01
Ubuntu USN-453-2 2007-04-26
SuSE SUSE-SA:2007:027 2007-04-20
Slackware SSA:2007-109-01 2007-04-20
Ubuntu USN-453-1 2007-04-18
Red Hat RHSA-2007:0157-01 2007-04-16
Red Hat RHSA-2007:0150-01 2007-04-16
Mandriva MDKSA-2007:079-1 2007-04-11
Mandriva MDKSA-2007:080-1 2007-04-10
Mandriva MDKSA-2007:081-1 2007-04-10
Fedora FEDORA-2007-427 2007-04-10
Fedora FEDORA-2007-426 2007-04-10
Fedora FEDORA-2007-425 2007-04-10
Fedora FEDORA-2007-424 2007-04-10
Fedora FEDORA-2007-423 2007-04-09
Fedora FEDORA-2007-422 2007-04-09
Foresight FLEA-2007-0009-1 2007-04-05
Mandriva MDKSA-2007:080 2007-04-04
Mandriva MDKSA-2007:081 2007-04-04
Mandriva MDKSA-2007:079 2007-04-04
rPath rPSA-2007-0065-1 2007-04-04
Ubuntu USN-448-1 2007-04-03
Red Hat RHSA-2007:0132-01 2007-04-03
Red Hat RHSA-2007:0127-01 2007-04-03
Red Hat RHSA-2007:0126-01 2007-04-03
Red Hat RHSA-2007:0125-01 2007-04-03
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds