
xorg-x11-xfs: arbitrary code execution

Package(s): xorg-x11-xfs
CVE #(s):
Created: December 10, 2007
Updated: December 12, 2007
Description:

From the xorg advisory:

Several vulnerabilities have been identified in xfs, the X font server. The QueryXBitmaps and QueryXExtents protocol requests suffer from lack of validation of their 'length' parameters. Maliciously crafted requests can either cause two different problems with both requests:

* An integer overflow in the computation of the size of a dynamic buffer can lead to a heap overflow in the build_range() function.

* An arbitrary number of bytes on the heap can be swapped by the swap_char2b() function.
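The two missing checks described above, as an added example that is not taken from the xorg advisory or the xfs source: a simplified C model in which a client-supplied item count is validated against the bytes actually received before it is used to size a buffer or drive a byte swap. The header size, item layout and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_BYTES   8u  /* assumed fixed request header size */
#define CHAR2B_SIZE 2u  /* one 2-byte character index */

/* Failure mode: a 32-bit size computed from a client value wraps silently. */
static uint32_t unchecked_size(uint32_t num_items)
{
    return num_items * CHAR2B_SIZE;  /* 0x80000001 * 2 wraps to 2 */
}

/* Accept the count only if that many items fit in the bytes received. */
static int check_item_count(size_t received, uint32_t num_items, size_t *nbytes)
{
    if (received < HDR_BYTES)
        return -1;
    /* Divide instead of multiplying so the check itself cannot wrap. */
    if (num_items > (received - HDR_BYTES) / CHAR2B_SIZE)
        return -1;
    *nbytes = (size_t)num_items * CHAR2B_SIZE;
    return 0;
}

/* Copy the validated items and byte-swap only those, never past the copy. */
static uint8_t *copy_and_swap(const uint8_t *req, size_t received,
                              uint32_t num_items, int swapped_client)
{
    size_t nbytes;
    if (check_item_count(received, num_items, &nbytes) != 0)
        return NULL;
    uint8_t *buf = malloc(nbytes ? nbytes : 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, req + HDR_BYTES, nbytes);
    for (size_t i = 0; swapped_client && i + 1 < nbytes; i += 2) {
        uint8_t t = buf[i];
        buf[i] = buf[i + 1];
        buf[i + 1] = t;
    }
    return buf;
}

int main(void)
{
    uint8_t req[12] = {0}; /* constructed: 8-byte header + 2 items */
    return copy_and_swap(req, sizeof req, 3, 1) == NULL ? 0 : 1;
}
```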

Alerts:
Fedora FEDORA-2007-763 2007-12-07


Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds