CVE-2007-1003: Out-of-bounds Write in X11

11 documents, 8 sources
Severity
9.0 CRITICAL (NVD)
EPSS
8.0%
top 7.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 6
Latest update: May 1

Description

Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 8.0 | Impact: 10.0

Affected Packages (2 packages)

Debian: x.org/xorg-server < 2:1.1.1-21+3
NVD: x.org/x11 7.1_1.1.0

Patches

🔴Vulnerability Details

3
GHSA
GHSA-qh64-49gx-35pg: Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X (2022-05-01)
OSV
CVE-2007-1003: Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X (2007-04-06)
CVEList
CVE-2007-1003: Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X (2007-04-06)

📋Vendor Advisories

3
Ubuntu
X.org vulnerabilities (2007-04-03)
Red Hat
xserver XC-MISC integer overflow (2007-04-03)
Debian
CVE-2007-1003: xorg-server - Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the X... (2007)

💬Community

4
Bugzilla
CVE-2007-1003 xserver XC-MISC integer overflow (2007-04-04)
Bugzilla
CVE-2007-1003 xserver XC-MISC integer overflow (2007-03-19)
Bugzilla
CVE-2007-1003 xserver XC-MISC integer overflow (2007-03-19)
Bugzilla
CVE-2007-1003 xserver XC-MISC integer overflow (2007-03-19)