CVE-2007-6427
published 2008-01-18CVE-2007-6427: The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap…
critical9.3CVSS 3.1
AVNACMAuNCCICAC
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | < 10.4.11 | 10.4.11 |
| apple | mac_os_x | >= 10.5.0 < 10.5.2 | 10.5.2 |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | xorg-server | < xorg-server 2:1.4.1~git20080105-2 (bookworm) | xorg-server 2:1.4.1~git20080105-2 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| suse | linux | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_server | — | — |
| suse | linux_enterprise_server | — | — |
| suse | linux_enterprise_server | — | — |
| suse | linux_enterprise_software_development_kit | — | — |
| x.org | x_server | < 1.4.1 | 1.4.1 |
| x.org | xorg-server | >= 0 < 2:1.4.1~git20080105-2 | 2:1.4.1~git20080105-2 |
| x.org | xorg-server | >= 0 < 2:1.4.1~git20080105-2 | 2:1.4.1~git20080105-2 |
| x.org | xorg-server | >= 0 < 2:1.4.1~git20080105-2 | 2:1.4.1~git20080105-2 |
| x.org | xorg-server | >= 0 < 2:1.4.1~git20080105-2 | 2:1.4.1~git20080105-2 |
CVSS provenance
nvd9.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv7.5HIGH